Add Oracle database with SSL

Hello!

I have one Oracle Database with a TCPS listener on port 2484, with SSL enabled. (This is for HIPAA.)
But I don't have an option to set my Java KeyStore or my certificate to connect.
If I try to connect on port 2484 I get a handshake error… (IO Error: Connection reset by peer, connect lapse 0 ms., Authentication lapse 0 ms.).
Does anyone have ideas for this connection?

Thanks!

Hi @dsilva
Please post “Diagnostic Info” from Admin > Troubleshooting.
And which version of ojdbc8.jar you’re using, as well as the database version.

Did you try adding the KeyStore to Java?
https://blogs.oracle.com/dev2dev/ssl-connection-to-oracle-db-using-jdbc,-tlsv12,-jks-or-oracle-wallets#JKS

Hello @flamber
Thanks for the help!

I'm using ojdbc8.jar 12.2.0.1, and my Oracle is RDS Oracle SE01 11.2.0.4.v22.
This is my java command to start Metabase:
java -Doracle.net.ssl_server_dn_match="true" -Djavax.net.ssl.keyStore="/root/client.jks" -Djavax.net.ssl.keyStoreType="JKS"-Djavax.net.ssl.keyStorePassword="***" -jar metabase.jar

And this is my Diagnostic info:

{
  "browser-info": {
    "language": "en",
    "platform": "Win32",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36",
    "vendor": "Google Inc."
  },
  "system-info": {
    "file.encoding": "UTF-8",
    "java.runtime.name": "OpenJDK Runtime Environment",
    "java.runtime.version": "1.8.0_265-b01",
    "java.vendor": "Amazon.com Inc.",
    "java.vendor.url": "https://aws.amazon.com/corretto/",
    "java.version": "1.8.0_265",
    "java.vm.name": "OpenJDK 64-Bit Server VM",
    "java.vm.version": "25.265-b01",
    "os.name": "Linux",
    "os.version": "4.14.198-152.320.amzn2.x86_64",
    "user.language": "en",
    "user.timezone": "UTC"
  },
  "metabase-info": {
    "databases": [
      "oracle"
    ],
    "hosting-env": "unknown",
    "application-database": "postgres",
    "application-database-details": {
      "database": {
        "name": "PostgreSQL",
        "version": "12.3"
      },
      "jdbc-driver": {
        "name": "PostgreSQL JDBC Driver",
        "version": "42.2.8"
      }
    },
    "run-mode": "prod",
    "version": {
      "tag": "v1.36.7",
      "date": "2020-10-09",
      "branch": "enterprise-release-1.36.x-with-new-build-scripts",
      "hash": "d0b0db7"
    },
    "settings": {
      "report-timezone": null
    }
  }
}

@dsilva I'm not sure if it is the forum messing with the syntax, but you're missing a space between the properties JKS"-D - should be JKS" -D
Are you executing as root? Otherwise Java wouldn’t be able to read the jks file.
And have you tried with a newer version of ojdbc8.jar - like 19.7?

Yes, this is an error from when I pasted my code here…
I'm running with root.

I tried with wallet.sso as well:
java -classpath /opt/apps/plugins/ojdbc8.jar:/opt/apps/plugins/oraclepki.jar:/opt/apps/plugins/osdt_cert.jar:/opt/apps/plugins/osdt_core.jar:. -Doracle.net.wallet_location="(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/root)))" -Doracle.net.ssl_server_dn_match=true DataSourceSample -jar metabase.jar

I don't get any error when I start Metabase (with both options), and I tried with the 12.2, 19.3 and 19.7 JDBC versions… but when I change the port to 2484 I get the handshake error…

I'm out of options, and if I don't solve this, my company will not buy the licensing :frowning:

@dsilva Okay, I have been looking at the code, and it doesn’t seem like our driver currently supports SSL. A workaround is to use SSH tunnels, but that’s most likely not acceptable for HIPAA.
I have created an issue for: https://github.com/metabase/metabase/issues/13552
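
To check the listener, the certificate and the trust store outside Metabase, a stand-alone JDBC client can connect with an explicit TCPS descriptor and ask the database which protocol the session uses. This is an added example, not part of the thread and not Metabase code; the class name, the `DB_USER`/`DB_PASSWORD` environment variables and the assumption that the JKS contains the CA certificate for the listener are illustrative.

```java
// Added example (not from the thread): stand-alone TCPS check, independent of Metabase.
// Run with ojdbc8.jar on the classpath; the SSL settings are passed as -D system
// properties. Assumption: the JKS holds the CA certificate that signed the
// listener's certificate (trust store), e.g.
//   java -cp ojdbc8.jar:. -Djavax.net.ssl.trustStore=/root/client.jks \
//        -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=<password> \
//        -Doracle.net.ssl_server_dn_match=true TcpsCheck <host> 2484 <sid>
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Properties;

public class TcpsCheck {
    // The descriptor must name PROTOCOL=TCPS; otherwise the thin driver sends
    // plain TNS and never starts a TLS handshake with the listener.
    static String tcpsUrl(String host, int port, String sid) {
        return "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=" + host
                + ")(PORT=" + port + "))(CONNECT_DATA=(SID=" + sid + ")))";
    }

    // Credentials come from the environment so they never appear in the process list.
    static String requireEnv(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) {
            throw new IllegalStateException("set environment variable " + name);
        }
        return v;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TcpsCheck <host> <port> <sid>");
            System.exit(2);
        }
        Properties props = new Properties();
        props.setProperty("user", requireEnv("DB_USER"));         // hypothetical variable names
        props.setProperty("password", requireEnv("DB_PASSWORD"));
        String url = tcpsUrl(args[0], Integer.parseInt(args[1]), args[2]);
        try (Connection c = DriverManager.getConnection(url, props);
             Statement s = c.createStatement();
             ResultSet rs = s.executeQuery(
                 "SELECT sys_context('USERENV','NETWORK_PROTOCOL') FROM dual")) {
            rs.next();
            String proto = rs.getString(1);   // "tcps" when the session is encrypted
            System.out.println("network protocol: " + proto);
            if (!"tcps".equalsIgnoreCase(proto)) System.exit(1);
        }
    }
}
```

If this client connects and reports `tcps`, the listener and trust store are working and the remaining problem is how the application builds its JDBC URL.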