Here are the steps I had to take in order to add an encrypted listener in addition to the standard listener on an old Oracle instance. Hopefully it may save you some time. I had to futz around with it a bit until I got it going, and then was able to deploy it to some other servers in the same fashion:

STEP1 – – Go to the directory right above your “TNS_ADMIN” location. Typically it would be something like this:

cd /u01/product/11.2.0/dbhome_1/network/

STEP2 – – Create a new “admin2” directory

mkdir /u01/product/11.2.0/dbhome_1/network/admin2

STEP3 – – Create new listener.ora and sqlnet.ora files in the new admin2 directory, and customize them for your particular instance. I arbitrarily picked port 11521 because it would be easy for me to remember.

####### listener.ora ########

SSL_CLIENT_AUTHENTICATION = FALSE

ENCRYPTED_LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = FQDN.DB.HOSTNAME)(PORT = 11521))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC11521))
    )
  )

ADR_BASE_ENCRYPTED_LISTENER = /u01
SECURE_REGISTER_LISTENER_PROD = (IPC)

####### sqlnet.ora ########

SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS)
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA1, MD5)
SSL_VERSION = 0
# "required" refuses any session that does not negotiate encryption
SQLNET.ENCRYPTION_SERVER = required
SSL_CLIENT_AUTHENTICATION = FALSE
# Replace with your own random string of 10 to 70 characters
SQLNET.CRYPTO_SEED = 'SomeCrazyCryptoSeedWhateverYouWantHere'
SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)
SSL_CIPHER_SUITES= (SSL_RSA_WITH_AES_256_CBC_SHA)
# Dead connection detection: probe idle sessions every 60 minutes
SQLNET.EXPIRE_TIME=60

STEP4 – – Next we will need to register the new listener to let the DB know about the regular one and the new encrypted one (or more if you’d like).  I’m doing this in the TNSNAMES.ORA file and calling it “ALL_LISTENERS”.

In my case this was located in the regular TNS_ADMIN home location: /u01/product/11.2.0/dbhome_1/network/admin/tnsnames.ora

#######
ALL_LISTENERS=
  (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = FQDN.DB.HOSTNAME)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = FQDN.DB.HOSTNAME)(PORT = 11521))
  )
####

Then in SQLPLUS, connected as SYSDBA, you will need to run:

SQL> ALTER SYSTEM SET LOCAL_LISTENER=ALL_LISTENERS;
———————————————————–
Note: You may have to stop everything and restart the DB at this point… but it may not be necessary.  I just did it to make sure everything was clean.

STEP5 – – Start up your standard listener first as usual:

lsnrctl start

Next follow this procedure in order to start the second encrypted listener:

cd /u01/product/11.2.0/dbhome_1/network/admin2
export TNS_ADMIN=`pwd`
lsnrctl start ENCRYPTED_LISTENER

After a minute or so you should be able to see that the listener status is READY, and has 1 handler(s) for this service by running the command:

lsnrctl status ENCRYPTED_LISTENER
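
When rolling this out to several servers, it helps to confirm that each admin2/sqlnet.ora from STEP3 really makes encryption mandatory. The script below is an added example, not part of the original post; the function names sqlnet_param and check_sqlnet_encryption are this example's own, and the demo input is constructed from the STEP3 settings.

```shell
#!/bin/sh
# Added example: audit a sqlnet.ora for the native encryption settings
# this post relies on. Function names are hypothetical, not Oracle tools.

# Print the last value set for KEY in FILE, lowercased, whitespace removed.
# Handles single-line "KEY = VALUE" entries only (enough for these settings).
sqlnet_param() {  # usage: sqlnet_param FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t\r]/, "", v)
            if (toupper(k) == toupper(key)) val = tolower(v)
        }
        END { print val }' "$1"
}

# Return 0 only if FILE makes encryption mandatory with a non-legacy cipher.
check_sqlnet_encryption() {  # usage: check_sqlnet_encryption FILE
    rc=0
    mode=$(sqlnet_param "$1" SQLNET.ENCRYPTION_SERVER)
    types=$(sqlnet_param "$1" SQLNET.ENCRYPTION_TYPES_SERVER)
    # accepted (the default), requested and rejected can all end up cleartext
    if [ "$mode" != "required" ]; then
        echo "FAIL: SQLNET.ENCRYPTION_SERVER is '${mode:-unset}', want required"
        rc=1
    fi
    case "$types" in
        "")          echo "FAIL: SQLNET.ENCRYPTION_TYPES_SERVER unset, any installed algorithm may be negotiated"; rc=1 ;;
        *des*|*rc4*) echo "FAIL: legacy algorithm allowed: $types"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: $1 requires encryption $types"; fi
    return "$rc"
}

# Demo on constructed input mirroring the STEP3 settings.
demo=$(mktemp)
printf '%s\n' '####### sqlnet.ora ########' \
    'SQLNET.ENCRYPTION_SERVER = required' \
    'SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)' > "$demo"
check_sqlnet_encryption "$demo"
rm -f "$demo"
```

To use it on a server, call check_sqlnet_encryption with the path to the sqlnet.ora in your admin2 directory instead of the demo file.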

Hopefully this is straightforward enough. I hate reading Oracle docs and would rather just have an example cookbook approach, so if you are like me maybe you will appreciate this.

–Cheers!
