AWS certificate Import in OCI
Introduction:
This document is intended for DBA’s who need to know how to import AWS certificates into Oracle Cloud Infrastructure (OCI) databases. This brief walkthrough will assist you in seamlessly integrating AWS certificates with your OCI environment for enhanced security and functionality.
Why we need to do:
If a client requirement is to send an Oracle email using AWS SES, then we need to import the AWS certificate in OCI. Here we will discuss the process of importing the AWS certification in OCI Database.
Steps to Import the certificate:
a. Download certificate from AWS,
Go to the below URL and download the certificate,
https://www.amazontrust.com/repository/
1. Click on PEM
2. copy the text
3. create the five certificate files using Notepad with the extension .crt.
b. Create Wallet Directory:
mkdir -p /u01/app/oracle/wallet/TEST
c. Copy all the certificates downloaded from AWS to the Wallet directory created.
d. Create the wallet using the below command:
orapki wallet create -wallet /u01/app/oracle/wallet/TEST
e. Import the certificates to the wallet using the below command:
orapki wallet add -wallet /u01/app/oracle/wallet/TEST -pwd <PASSWORD> -trusted_cert -cert AmazonRootCA1.cer
orapki wallet add -wallet /u01/app/oracle/wallet/TEST -pwd <PASSWORD> -trusted_cert -cert SFSRootCAG2.cer
orapki wallet add -wallet /u01/app/oracle/wallet/TEST -pwd <PASSWORD> -trusted_cert -cert AmazonRootCA2.cer
orapki wallet add -wallet /u01/app/oracle/wallet/TEST -pwd <PASSWORD> -trusted_cert -cert AmazonRootCA3.cer
orapki wallet add -wallet /u01/app/oracle/wallet/TEST -pwd <PASSWORD> -trusted_cert -cert AmazonRootCA4.cer
f. Display the wallet:
orapki wallet display -wallet /u01/app/oracle/wallet/TEST -pwd <PASSWORD>
g. Create auto login for the wallet:
orapki wallet create -wallet /u01/app/oracle/wallet/TEST -auto_login
h. Create and assign ACL:
–create ACL with connect permission
BEGIN
DBMS_NETWORK_ACL_ADMIN.create_acl (
acl => ‘<ACL_NAME>’,
description => ‘<DESCRIPTION>’,
principal => ‘<USER>’,
is_grant => TRUE,
privilege => ‘connect’,
start_date => SYSTIMESTAMP,
end_date => NULL);
COMMIT;
END;
/
— grant resolve permission
BEGIN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
acl => ‘<ACL_NAME>’,
principal => ‘<USER>’,
is_grant => true,
privilege => ‘resolve’);
COMMIT;
END;
/
— grant smtp permission
BEGIN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
acl => ‘<ACL_NAME>’,
principal => ‘<USER>’,
is_grant => true,
privilege => ‘smtp’);
COMMIT;
END;
/
— grant host permission
BEGIN
DBMS_NETWORK_ACL_ADMIN.assign_acl (
acl => ‘<ACL_NAME>’,
host => ‘*’,
lower_port => NULL,
upper_port => NULL);
COMMIT;
END;
/
Conclusion:
Using the above steps DBA can easily Import the AWS certificate into OCI Database.
