To connect using SSL (as is required when connecting to Oracle Cloud Autonomous databases), you will need an Oracle Wallet, which is a password-protected container used to store authentication and signing credentials, including private keys, certificates, and trusted certificates needed by SSL.
Unzip the Oracle Wallet.
Examine tnsnames.ora to identify the hostname, port, and ServiceName.
Use keytool (part of Java Runtime) to convert the keystore and truststore from JKS to PKCS12 format. You will be prompted to supply the passwords for the existing keystores.
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype JKS -deststoretype PKCS12 -deststorepass <password>
keytool -importkeystore -srckeystore truststore.jks -destkeystore truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -deststorepass <password>
Create an ODBC data source connection to verify connectivity and encrypt the keystore passwords.
On the General tab, enter:
Data Source Name
Host
Port Number
Service Name
On the Security tab, enter:
Encryption Method: 1-SSL
Key Store: full path to keystore.p12
Key Store Password: password for the keystore
Select the Test Connect button and verify connecitivty
Save the DSN
Examine the registry and copy the encrypted password
HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\mydsn\KeyStorePassword
If you want to Validate Server Certificate, select the checkbox for Validate Server Certificate and supply Trust Store and Trust Store Password.
Here is a connection string that connects without validating the server certificate:
HostName=adb.us-phoenix-1.oraclecloud.com;PortNumber=1522;
ServiceName=myservicename.atp.oraclecloud.com;
KeyStore=C:\keystore\keystore.p12;KSP=<encrypted-password>;VSC=0;EM=1
To validate the server certificate, set VSC=1 and add the Trust Store and Trust Store Password parameters. At this point, the connection string becomes long and unwieldy and you may prefer to use the data source.
Refer to Oracle documentation for the use of the Oracle Wallet with Oracle Instant Client
Connect Autonomous Transaction Processing Using a Client Application
Connect Autonomous Data Warehouse Using a Client Application
Briefly:
Install Oracle Instant Client. This involves running odbc_install from an elevated prompt, adding the directory (e.g. C:\OracleIC) to the PATH system environment and setting TNS_ADMIN to that directory.
Unzip the Wallet into a secure folder on your computer.
Examine tnsnames.ora from the Wallet and add connectivity information to your working tnsnames.ora file in the OracleIC directory.
Copy sqlnet.ora from the wallet to your OracleIC directory and replace "?/network/admin" with the name of the folder containing the expanded wallet. e.g.
WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA
= (DIRECTORY="C:\keystore")))
SSL_SERVER_DN_MATCH=yes