{"id":387,"date":"2018-05-30T01:05:53","date_gmt":"2018-05-30T01:05:53","guid":{"rendered":"https:\/\/www.spotonoracle.com\/?p=387"},"modified":"2018-05-30T01:05:53","modified_gmt":"2018-05-30T01:05:53","slug":"sqlcl-enabling-tls-for-jdbc-thin-driver","status":"publish","type":"post","link":"https:\/\/www.spotonoracle.com\/?p=387","title":{"rendered":"SQLcl &#8211; enabling TLS for JDBC thin driver"},"content":{"rendered":"<p>This is a quick follow-up from my <a href=\"https:\/\/www.spotonoracle.com\/?p=376\" rel=\"noopener\" target=\"_blank\">previous post<\/a>. This time we&#8217;re going to add TLS capabilities to SQLcl. I&#8217;m going to reuse the java security file we created earlier to override the security provider&#8217;s list (\/opt\/sqldeveloper\/sqldeveloper\/bin\/sqldev.java.security).<\/p>\n<p>The thing with SQLcl is there is no configuration file like in SQL Developer. No problem, all we did was adding JVM options anyway, except for adding &#8220;oraclepki.jar&#8221; to the CLASSPATH. Luckily, SQLcl ships with a recent version so we don&#8217;t need that.<br \/>\nTo add the JVM options we can use either <a href=\"https:\/\/stackoverflow.com\/questions\/28327620\/difference-between-java-options-java-tool-options-and-java-opts\" rel=\"noopener\" target=\"_blank\">JAVA_TOOL_OPTIONS or _JAVA_OPTIONS<\/a>. It can&#8217;t get simpler than that, can it?<\/p>\n<pre class=\"brush: bash; collapse: false; title: ; wrap-lines: false; notranslate\" title=\"\">\r\n$ export JAVA_TOOL_OPTIONS='-Doracle.net.wallet_location=&quot;(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=\/home\/btr\/tns\/wallet)))&quot; -Doracle.net.authentication_services=&quot;(TCPS)&quot; -Doracle.net.ssl_server_dn_match=false -Djava.security.properties=\/opt\/sqldeveloper\/sqldeveloper\/bin\/sqldev.java.security'\r\n \r\n<\/pre>\n<p>Connect using username\/password but use TLS for in-flight traffic encryption:<\/p>\n<pre class=\"brush: bash; collapse: false; highlight: [1]; title: ; wrap-lines: false; notranslate\" title=\"\">\r\n$ sql system\/********@&quot;(DESCRIPTION=(ADDRESS=(HOST=ol7122rac-scan.localdomain)(PROTOCOL=TCPS)(PORT=1523))(CONNECT_DATA=(SERVICE_NAME=pdbrac1.localdomain)))&quot;\r\nPicked up JAVA_TOOL_OPTIONS: -Doracle.net.wallet_location=&quot;(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=\/home\/btr\/tns\/wallet)))&quot; -Doracle.net.authentication_services=&quot;(TCPS)&quot; -Doracle.net.ssl_server_dn_match=false -Djava.security.properties=\/opt\/sqldeveloper\/sqldeveloper\/bin\/sqldev.java.security\r\n\r\nSQLcl: Release 18.1.1 Production on Tue May 29 20:51:26 2018\r\n\r\nCopyright (c) 1982, 2018, Oracle.  All rights reserved.\r\n\r\nLast Successful login time: Tue May 29 2018 20:51:26 -04:00\r\n\r\nConnected to:\r\nOracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production\r\n\r\n\r\nSQL&gt; \r\n<\/pre>\n<p>Or connecting using TLS authentication:<\/p>\n<pre class=\"brush: bash; collapse: false; highlight: [1]; title: ; wrap-lines: false; notranslate\" title=\"\">\r\n$ sql \/@&quot;(DESCRIPTION=(ADDRESS=(HOST=ol7122rac-scan.localdomain)(PROTOCOL=TCPS)(PORT=1523))(CONNECT_DATA=(SERVICE_NAME=pdbrac1.localdomain)))&quot;\r\nPicked up JAVA_TOOL_OPTIONS: -Doracle.net.wallet_location=&quot;(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=\/home\/btr\/tns\/wallet)))&quot; -Doracle.net.authentication_services=&quot;(TCPS)&quot; -Doracle.net.ssl_server_dn_match=false -Djava.security.properties=\/opt\/sqldeveloper\/sqldeveloper\/bin\/sqldev.java.security\r\n\r\nSQLcl: Release 18.1.1 Production on Tue May 29 20:57:30 2018\r\n\r\nCopyright (c) 1982, 2018, Oracle.  All rights reserved.\r\n\r\nConnected to:\r\nOracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production\r\n\r\n\r\nSQL&gt; \r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>This is a quick follow-up from my previous post. This time we&#8217;re going to add TLS capabilities to SQLcl. I&#8217;m going to reuse the java security file we created earlier to override the security provider&#8217;s list (\/opt\/sqldeveloper\/sqldeveloper\/bin\/sqldev.java.security). The thing with SQLcl is there is no configuration file like in SQL Developer. No problem, all we [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,6],"tags":[],"class_list":["post-387","post","type-post","status-publish","format-standard","hentry","category-security","category-sqldev"],"_links":{"self":[{"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=\/wp\/v2\/posts\/387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=387"}],"version-history":[{"count":4,"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=\/wp\/v2\/posts\/387\/revisions"}],"predecessor-version":[{"id":391,"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=\/wp\/v2\/posts\/387\/revisions\/391"}],"wp:attachment":[{"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=387"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=387"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.spotonoracle.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}