Forum Discussion

dkalidan's avatar
dkalidan
Copper Contributor
Jun 24, 2024

Dotnet core Oracle 23c SSL connection not working on Linux environment and works on Windows

Our data direct ADO.NET oracle driver is having an issue with SSL connection on Linux platform and the same connection is working on windows environment with Oracle23c server.   Are there any known...
.net core
alihubs's avatar
alihubs
Copper Contributor
Feb 01, 2025

When dealing with SSL connection issues between .NET Core and Oracle 23c in a Linux environment (while it works on Windows), the problem is often related to differences in SSL/TLS configuration, certificates, or libraries between the two operating systems. Below are steps to diagnose and resolve the issue:

---

### **1. Verify Oracle Client and .NET Core Configuration**
- **Oracle Data Provider for .NET (ODP.NET):** Ensure you are using the latest version of ODP.NET Core that supports Oracle 23c.
- **Oracle Instant Client:** Install the correct version of Oracle Instant Client on Linux. Ensure it matches the architecture (x64 or ARM) and version required by Oracle 23c.

---

### **2. Check SSL/TLS Configuration**
- **Oracle Server Configuration:** Verify that the Oracle 23c server is configured to accept SSL/TLS connections. Check the `sqlnet.ora` and `listener.ora` files for SSL-related settings.
- **.NET Core Configuration:** Ensure your .NET Core application is configured to use the correct SSL/TLS protocol (e.g., TLS 1.2 or higher).

---

### **3. Certificates**
- **Certificate Installation:** On Linux, ensure the Oracle server's SSL certificate is installed in the correct certificate store. Linux typically uses the `/etc/ssl/certs` directory or a custom directory specified in the environment.
- **Trusted Root Certificates:** Ensure the root CA certificate for the Oracle server's SSL certificate is trusted on the Linux machine. Use the `update-ca-certificates` command to update the trusted certificates.
- **Certificate Permissions:** Ensure the certificate files have the correct permissions (readable by the user running the .NET Core application).

---

### **4. Environment Variables**
Set the following environment variables on Linux to ensure the Oracle client can locate the SSL certificates and configuration:
```bash
export TNS_ADMIN=/path/to/tns_admin_directory
export ORACLE_HOME=/path/to/oracle_instant_client
export LD_LIBRARY_PATH=$ORACLE_HOME:$LD_LIBRARY_PATH
```
- Replace `/path/to/tns_admin_directory` with the directory containing `sqlnet.ora` and `tnsnames.ora`.
- Replace `/path/to/oracle_instant_client` with the path to your Oracle Instant Client installation.

---

### **5. SSL Wallet Configuration**
If the Oracle server uses an SSL wallet, ensure the wallet is correctly configured on Linux:
- Copy the wallet files (e.g., `cwallet.sso`, `ewallet.p12`) to the Linux machine.
- Update the `sqlnet.ora` file to point to the wallet location:
  ```
  WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /path/to/wallet)))
  SSL_CLIENT_AUTHENTICATION = FALSE
  ```

---

### **6. Debugging the Connection**
- **Enable Oracle Logging:** Enable detailed logging for the Oracle client to identify SSL-related errors. Add the following to `sqlnet.ora`:
  ```
  TRACE_LEVEL_CLIENT = 16
  TRACE_DIRECTORY_CLIENT = /path/to/logs
  TRACE_FILE_CLIENT = ora_ssl.log
  ```
- **Check .NET Core Logs:** Use logging in your .NET Core application to capture any exceptions or errors related to the SSL connection.

---

### **7. Common Issues and Fixes**
- **Mismatched SSL/TLS Versions:** Ensure both the Oracle server and .NET Core application are configured to use compatible SSL/TLS versions (e.g., TLS 1.2).
- **Missing Dependencies:** On Linux, ensure all required libraries (e.g., `libaio`, `libnsl`) are installed.
- **Firewall or Network Issues:** Verify that the Linux machine can reach the Oracle server on the required port (e.g., 2484 for SSL).
- **Time Synchronization:** Ensure the system clocks on both the Linux machine and Oracle server are synchronized. SSL/TLS connections can fail if there is a significant time difference.

---

### **8. Example .NET Core Connection String**
Ensure your connection string includes the correct SSL settings:
```csharp
string connectionString = "User Id=your_user;Password=your_password;Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=your_host)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=your_service_name))(SECURITY=(SSL_SERVER_CERT_DN=\"your_server_cert_dn\")))";
```

---

### **9. Test with a Simple Application**
Create a minimal .NET Core application to test the SSL connection:
```csharp
using Oracle.ManagedDataAccess.Client;

class Program
{
    static void Main()
    {
        string connectionString = "your_connection_string";
        using (var connection = new OracleConnection(connectionString))
        {
            connection.Open();
            Console.WriteLine("Connected successfully!");
        }
    }
}
```

---

### **10. Compare Windows and Linux Environments**
- Check for differences in Oracle client versions, certificate configurations, and environment variables between Windows and Linux.
- Use tools like `openssl` on Linux to verify the SSL connection to the Oracle server:
  ```bash
  openssl s_client -connect your_host:2484 -showcerts
  ```

---

By following these steps, you should be able to identify and resolve the SSL connection issue between .NET Core and Oracle 23c on Linux. If the problem persists, consult the Oracle documentation or support for further assistance.

Resources