{"id":376,"date":"2018-05-25T21:14:50","date_gmt":"2018-05-25T21:14:50","guid":{"rendered":"https:\/\/www.spotonoracle.com\/?p=376"},"modified":"2018-05-25T21:46:51","modified_gmt":"2018-05-25T21:46:51","slug":"sql-developer-enabling-tls-for-jdbc-thin-driver","status":"publish","type":"post","link":"https:\/\/www.spotonoracle.com\/?p=376","title":{"rendered":"SQL Developer – enabling TLS for JDBC thin driver"},"content":{"rendered":"

I don’t think this is documented anywhere (and no hits on google) but it shows once again how awsome SQL Developer is. \ud83d\ude42
\nInstead of using “jdbc:oracle:oci” for TLS enabled connections we’re going to set SQL Developer up to do just that with “jdbc:oracle:thin”. In that regard, SQL Developer is no more special than any Java application.
\nTo keep it short I’m sticking to the basics, maybe I’ll add some variations into the comments later.
\nFirst, we need to add “OraclePKIProvider” to the JRE security provider’s list. The provider’s list is defined in “$JAVA_HOME\/jre\/lib\/security\/java.security”.
\nI’m going to append to it by creating a new file that I only source from SQL Developer. In my case, the next free slot is 10. Depending on your OS and JRE version the list may slightly vary.
\n(also make sure that the java.security file is appendable: “security.overridePropertiesFile=true”)<\/p>\n

\r\n$ vi \/opt\/sqldeveloper\/sqldeveloper\/bin\/sqldev.java.security\r\nsecurity.provider.10=oracle.security.pki.OraclePKIProvider\r\n<\/pre>\n
Next, we add a few options to the sqldeveloper.conf file:<\/p>\n
\r\n$ vi \/opt\/sqldeveloper\/sqldeveloper\/bin\/sqldeveloper.conf\r\n# add this to end of the config file\r\n\r\n# specify the path to your SSO wallet file\r\nAddVMOption -Doracle.net.wallet_location="(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=\/home\/btr\/tns\/wallet)))"\r\n# this is required if you want to use TLS authentication next to in-flight traffic encryption\r\nAddVMOption -Doracle.net.authentication_services="(TCPS)"\r\n# optionally, if you want the client to verify the server certificate\r\nAddVMOption -Doracle.net.ssl_server_dn_match=true\r\n# append\/override JRE security config to add Oracle provider\r\nAddVMOption -Djava.security.properties=\/opt\/sqldeveloper\/sqldeveloper\/bin\/sqldev.java.security\r\n# even SQLDev 18.1 ships with a very old version that is not compatible - just download the latest one from OTN\r\nAddJavaLibFile \/home\/btr\/orasec\/jlib\/oraclepki.jar\r\n<\/pre>\n
That’s it, we’re done.<\/p>\n
Now you can create connections using TNS, LDAP, or Advanced. Basic\/EZCONNECT does not support to specify the protocol, so it can’t be used for TLS.<\/p>\n
Here we only use TLS for in-flight traffic encryption:
\n\"\"<\/a><\/p>\n
And here, we make use of TLS user authentication:
\n\"\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
I don’t think this is documented anywhere (and no hits on google) but it shows once again how awsome SQL Developer is. \ud83d\ude42 Instead of using “jdbc:oracle:oci” for TLS enabled connections we’re going to set SQL Developer up to do just that with “jdbc:oracle:thin”. In that regard, SQL Developer is no more special than any […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,12,6],"tags":[],"class_list":["post-376","post","type-post","status-publish","format-standard","hentry","category-general","category-security","category-sqldev"],"_links":{"self":[{"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=\/wp\/v2\/posts\/376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=376"}],"version-history":[{"count":8,"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=\/wp\/v2\/posts\/376\/revisions"}],"predecessor-version":[{"id":380,"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=\/wp\/v2\/posts\/376\/revisions\/380"}],"wp:attachment":[{"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}