Search code examples
databaseoracle-databasessl-certificateoracle-cloud-infrastructureoracleclient

How to connect to Oracle Cloud Database with instant client from CentOS 7?

I'm trying to connect to an Oracle Cloud Database using the instant client from a CentOS 7 machine.

I created the databases in the OCI interface, I downloaded the wallet files and created one user with the DWROLE role.

I installed the bellow packages on the system

oracle-instantclient19.8-basic-19.8.0.0.0-1.x86_64.rpm
oracle-instantclient19.8-devel-19.8.0.0.0-1.x86_64.rpm
oracle-instantclient19.8-sqlplus-19.8.0.0.0-1.x86_64.rpm
oracle-instantclient19.8-tools-19.8.0.0.0-1.x86_64.rpm

I created set the bellow folders and set the env vars

export ORACLE_HOME=/usr/lib/oracle/19.8/client64
export TNS_ADMIN=$ORACLE_HOME/network/admin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib
export PATH=$PATH:$ORACLE_HOME/bin

then I unzipped the wallet files to TNS_ADMIN

[root@workvm admin]# ll
total 40
-rw-r--r-- 1 root root 6733 Sep 17  2020 cwallet.sso
-rw-r--r-- 1 root root 6688 Sep 17  2020 ewallet.p12
-rw-r--r-- 1 root root 3276 Sep 17  2020 keystore.jks
-rw-r--r-- 1 root root  691 Sep 17  2020 ojdbc.properties
-rw-r--r-- 1 root root  317 Sep 17  2020 README
-rw-r--r-- 1 root root  114 Sep 17  2020 sqlnet.ora
-rw-r--r-- 1 root root 1813 Sep 16 14:18 tnsnames.ora
-rw-r--r-- 1 root root 3336 Sep 17  2020 truststore.jks
[root@workvm admin]# pwd
/usr/lib/oracle/19.8/client64/network/admin

The tnsnames.ora files have some autogenerated services defined

otakudb_high = (description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=...)
otakudb_low = (...)
otakudb_medium = (...)

According to what I have read, I should be able to connect to the database by executing

sqlplus metalbob@otakudb_high

However, when I run it the connection halts and then errors out with the following message

[donhk@workvm ~]$ sqlplus metalbob@otakudb_high

SQL*Plus: Release 19.0.0.0.0 - Production on Wed Sep 16 14:01:52 2020
Version 19.8.0.0.0

Copyright (c) 1982, 2020, Oracle.  All rights reserved.
Enter password:
ERROR: ORA-28791: certificate verification failure

[donhk@workvm ~]$

What is the correct procedure to connect to the remote database?

Edit after Joe answer:

This is how my sqlnet.ora file was prior to the changes

WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY="?/network/admin")))
SSL_SERVER_DN_MATCH=yes

This is how I changed to make it work after joe answer

NAMES.DIRECTORY_PATH= (TNSNAMES)
WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY="?/network/admin")))
SSL_SERVER_DN_MATCH=yes

There is no need to change the DIRECTORY, the trick was this

NAMES.DIRECTORY_PATH= (TNSNAMES)

Hope this helps someone!

Edit 2

I realized that after I bounced the machine, I was able to connect, maybe it was a network problem on the machine or a library not properly loaded

Solution

  • I wrote this up last week in How to connect to Oracle Autonomous Cloud Databases.

    You can edit sqlnet.ora if you don't have the config files in the default network/admin directory. If they are in that directory then you don't need to edit it, because the pre-supplied path "?/network/admin" maps to the network/admin subdirectory under where the libclntsh.so file is.

    The other alternative is to use "Easy Connect Plus" syntax like:

    tcps://adb.ap-sydney-1.oraclecloud.com:1522/abc_cjjson_high.adb.oraclecloud.com?wallet_location=/Users/cjones/Cloud/CJJSON

    Extract cwallet.so from the wallet zip, and stick it in a directory (I used /Users/cjones/Cloud/CJJSON). Then find the host, servicename, port etc from the wallet tnsnames.ora file and build up your easy connect string. Then you can 'throw away' the zip file since it is not needed :)