Oracle Cloud Infrastructure Documentation

Connecting to Autonomous Databases

Applications and tools connect to an autonomous database using Oracle Net Services (also known as SQL*Net). Oracle Net Services enables a network session from a client application to an Oracle Database server.

When a network session is established, Oracle Net Services acts as the data courier for both the client application and the database. It is responsible for establishing and maintaining the connection between the client application and the database, as well as exchanging messages between them. It supports a variety of connection types to autonomous databases, including:

  • Oracle Call Interface (OCI), which is used by many applications written in C language. Examples include Oracle utilities such as Oracle SQL*Plus, SQL*Loader, and Oracle Data Pump.

  • ODBC drivers, which can be used by applications running on Microsoft Windows, are layered over Oracle Call Interface (OCI).

  • JDBC OCI, which can be used by Java language applications, is layered over Oracle Call Interface (OCI). The Oracle SQLcl command-line interface uses JDBC OCI.

  • JDBC Thin Driver, also for Java applications, is a pure Java driver. Oracle SQL Developer supports JDBC Thin Driver connections.

Third-party products and custom applications can use any of these connection types.

Oracle Autonomous Database provides several pairs of database services to use when connecting to autonomous databases. In each pair, one of the pair provides a secure TCP (TCPS) connection using the TLS protocol, and the other provides a TCP connection. In all other respects, the two members of a pair are the same. To ensure security of data in transit, Oracle strongly recommends that you use a secure connection, even if the database is only available through a private network. If you are familiar with using an Oracle Database within your own data center, you may not have previously used these secure connections.

To provide the secure TCPS connection, certification authentication uses an encrypted key stored in a wallet on both the client (where the application is running) and the server (where the autonomous database is running). The key on the client must match the key on the server to make a connection. A wallet contains a collection of files, including the key and other information needed to connect to your database . All communications between the client and the server are encrypted.

Download the Wallet for an Autonomous Database

Follow these steps to download the wallet for an autonomous database on an Oracle Exadata Database Service on Cloud@Customer system.

  1. Open the navigation menu. Under Oracle Database, click Exadata Database Service on Cloud@Customer.
  2. Click Autonomous Databases.
  3. In the list of Autonomous Databases, click the display name of the database whose wallet you wish to download.
  4. Click DB Connections.
  5. Select the DB Connection option.
  6. In the Download Wallet dialog, enter a wallet password in the Password field and confirm the password in the Confirm Password field.

    The password must be at least 8 characters long and must include at least 1 letter and either 1 numeric character or 1 special character.

    Note

    This password protects the downloaded Client Credentials wallet. This wallet is not the same as the Transparent Data Encryption (TDE) wallet for the database; therefore, use a different password to protect the Client Credentials wallet.
  7. Click Download to save the client security credentials zip file.

    By default the filename is Wallet_databasename.zip. You can save this file as any filename you want.

    You must protect this file to prevent unauthorized database access.

The zip file includes the following:

  • tnsnames.ora and sqlnet.ora: Network configuration files storing connect descriptors and SQL*Net client side configuration.

  • cwallet.ora and ewallet.p12: Auto-open SSO wallet and PKCS12 file. PKCS12 file is protected by the wallet password provided in the UI.

  • keystore.jks and truststore.jks: Java keystore and truststore files. They are protected by the wallet password provided while downloading the wallet.

  • ojdbc.properties: Contains the wallet related connection property required for JDBC connection. This should be in the same path as tnsnames.ora.

Note

Wallet files, along with the Database user ID and password, provide access to data in your autonomous database. Store wallet files in a secure location. Share wallet files only with authorized users. If wallet files are transmitted in a way that might be accessed by unauthorized users (for example, over public email), transmit the wallet password separately and securely.

Get the APEX and SQL Developer Web URLs for an Autonomous Database

Follow these steps to get the URLs to use to connect to APEX (Oracle Application Express) and Oracle SQL Developer Web in an autonomous database on an Oracle Exadata Database Service on Cloud@Customer system.

  1. Open the navigation menu. Under Oracle Database, click Exadata Database Service on Cloud@Customer.
  2. Click Autonomous Databases.
  3. In the list of Autonomous Databases, click the display name of the database whose APEX and SQL URLs you wish to get.
  4. Click DB Connections.
  5. Select the Application Connection option.
  6. Application URLs are displayed in plain text in the Application URL field. Copy the URL string using the Copy link.

Paste the URL into a browser running on a system with network access to your autonomous database.