Oracle encrypted port - trouble connecting

No problem connecting to the default Oracle 1521 port. But when using a different/encrypted port, we get the message on the “Connection Test” message box of “Unable to connect to the database: IO Error: Connection reset”. The details show an inability to connect to the port with various java messages at the oracle.jdbc.driver. We tested connectivity to the port with other software, such as Oracle’s SQL*Plus and Allaround Automation’s PL/SQL Developer - none of them had any issue connecting.
Oracle database is 12.1. DQ Analyzer is 9.01. We can’t use the product on the default port because of security issues, so we need to switch to a different port. Please let us know why we are unable to connect.

Hi Alice,

Can you share the error details (log) with us?
Please, elaborate on the type of encryption used.
It will help us addressing the issue.

HeyAbduraimov,

This is Ajeesh Mathew, I’m working in Alice’s project, just want to provide more details on it.

We are using TCPS protocol listener, instead of TCP. I have also attached error screenshot (i would assume 2484 is the default port for TPCS/SSL ).

Hope it will help you to analyze the situation better. let us know if you can provide any input to resolve this issue.

Thank you,
Ajeesh

Hello Ajeesh,

In the Edit Database Connection window, choose the By URL option and try using the following Connection String:

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=servername)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=servicename)))

Note, you need to configure servername and servicename according to your environment.

Please, let us know if it worked for you.

Detailed information on using SSL With Oracle JDBC Thin Driver you can find here

Hi Abduraimo,

We tried the same using connect URL and received certification path error.Our Network admin tried to get the certificate installed on the machine,but it didn’t work out. I will get the network admin to respond with this findings. Thank you again for your input and help on this regard.

Please find the error screenshot attached hereby.

Thanks,
Ajeesh

Hi Abduraimo,

Did you get a chance to review my error screenshot. I really appreciate if you can share your thoughts on it.

Note: Network admin confirmed that they were able to import the required certificate into Java.

Thank you,
Ajeesh

Hi Ajeesh,

Try the following options:

The first option is to add the following parameter to the dqa.ini file.

-Djavax.net.ssl.trustStore=[path]

Please note, you need to specify the path to the folder with the certificate(s).

The second option is to copy the certificate(s) to [DQA]\jre\lib\security

After applying any changes, we suggest restarting DQA.

Thank you Abduraimov for your suggestion.

I have copied the certificate files to [DQA]\jre\lib\security folder, and tried the connection after restarting DQ Analyzer, but this time its giving me a different error. Let me know if you have any clue on this error.

Thank you,
Ajeesh

Hi Ajeesh,

Unfortunately, this is not a DQA-related issue.
We assume that it might be related to Java and the SSL certification.
Most probably, you need to import the relevant certificates into Java keystore.
We have found a documentation which might be useful.
The link is given below:

http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html

Thank you Abduraimo for all your inputs.

We finally managed to connect through the secured port. Though we have certificates imported properly into Java key store, it looks like Java7 server certificate fails to trust its own trust store. So we had to point DQ analyzer to use Java6 and its working fine now.

Note: We have tried both options that you have mentioned in the previous post, but it was still giving the same error.

Thanks
Ajeesh

You can find more details about Java7 SSL issue here. http://stackoverflow.com/questions/11153058/java7-refusing-to-trust-certificate-in-trust-store

Hi Ajeesh,

We are glad that you were able to connect via the secure port.
Thank you for the shared information. We will keep your suggestion in mind.
If you have any other DQA-related questions, feel free to create a new post.
We will be glad to help.