TNS-01194: The listener command did not arrive in a secure transport

Mehmet Salih Deveci May 3, 2020 Leave a comment

Hi,

Sometimes You can get “TNS-01194: The listener command did not arrive in a secure transport ” error.

 

Details of error are as follows.

TNS-01194: The listener command did not arrive in a secure transport
Cause: Most of the listener administrative commands are only intended to be issued in a secure transport, which are configured in secure_control_ parameter. If the parameter is set, then the listener accepts administrative requests only on those secure transports.
Action: Make sure the command is issued using a transport specified in secure transport list.
  
 If SECURE_CONTROL_listener name=(TCPS) is set in the listener.ora file, the Lsnrctl utility is restricted to use ONLY the secure protocol or TCPS to communicate with the listener process.
Create self signed certificate
  
[oracle@<hostname>]$ mkdir /u01/app/oracle/product/12.1.0/server_wallet

[oracle@<hostname>]$ cd /u01/app/oracle/product/12.1.0/server_wallet

oracle@<hostname> server_wallet]$ orapki wallet create -wallet /u01/app/oracle/product/12.1.0/server_wallet -auto_login -pwd <password>
Oracle PKI Tool : Version 12.1.0.1
Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
 
Check ls -la:
[oracle@<hostname> server_wallet]$ ls -la /u01/app/oracle/product/12.1.0/server_wallet
total 16
drwxrwxr-x. 2 oracle oracle 4096 May 19 17:33 .
drwxr-xr-x. 4 oracle oracle 4096 May 19 17:33 ..
-rw-------. 1 oracle oracle 2901 May 19 17:33 cwallet.sso
-rw-------. 1 oracle oracle 0 May 19 17:33 cwallet.sso.lck
-rw-------. 1 oracle oracle 2856 May 19 17:33 ewallet.p12
-rw-------. 1 oracle oracle 0 May 19 17:33 ewallet.p12.lck


[oracle@<hostname> server_wallet]$  orapki wallet add -wallet /u01/app/oracle/product/12.1.0/server_wallet -dn "CN=server" -keysize 512 -self_signed -validity 365 -pwd <password>
Oracle PKI Tool : Version 12.1.0.1
Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
$ cat sqlnet.ora
# sqlnet.ora Network Configuration File: /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SQLNET.AUTHENTICATION_SERVICES=(BEQ,TCPS) <<<<<<<<<<<<<<<<<<<<<<<<<<<<<must be added
WALLET_LOCATION = (SOURCE= (METHOD=File)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/product/12.1.0/server_wallet))) <<< wallet location for tcps connections

cat listener.ora
cat: listener.ora: No such file or directory
[oracle@<hostname> admin]$ cat listener.ora
# listener.ora Network Configuration File: /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora   <<< wallet location for tcps connections
# Generated by Oracle configuration tools.

LISTENER =
   (DESCRIPTION_LIST =
     (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCPS)(HOST = <hostname>)(PORT = <SSL_port>))              <<<place the tcps connect string in the first place
        (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1520))
        (ADDRESS = (PROTOCOL = TCP)(HOST = <hostname>)(PORT = <TCP_port>))
       )
    )    
WALLET_LOCATION = (SOURCE= (METHOD=File)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/product/12.1.0/server_wallet))) 
 
 
$ lsnrctl start

LSNRCTL for Linux: Version 12.1.0.1.0 - Production on 19-MAY-2017 17:37:51

Copyright (c) 1991, 2013, Oracle. All rights reserved.

Starting /u01/app/oracle/product/12.1.0/dbhome_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 12.1.0.1.0 - Production
System parameter file is /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora
Log messages written to /u01/app/oracle/diag/tnslsnr/<sid>/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<hostname>)(PORT=<SSL_port>)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1520)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<hostname>)(PORT=<TCP_port>)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<hostname>)(PORT=<SSL_port>))) <<<lsnrctl using TCPS

STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 12.1.0.1.0 - Production
Start Date 19-MAY-2017 17:37:51
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/<sid>/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<hostname>)(PORT=<SSL_port>)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1520)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<hostname>)(PORT=<TCP_port>)))
The listener supports no services
The command completed successfully



[oracle@<hostname> admin]$ lsnrctl status

LSNRCTL for Linux: Version 12.1.0.1.0 - Production on 19-MAY-2017 17:38:06

Copyright (c) 1991, 2013, Oracle. All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<hostname>)(PORT=<SSL_port>))) <<<Status command shows using TCPS
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 12.1.0.1.0 - Production
Start Date 19-MAY-2017 17:37:51
Uptime 0 days 0 hr. 0 min. 15 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/<sid>/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<hostname>)(PORT=<SSL_port>)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1520)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<hostname>)(PORT=<TCP_port>)))
Services Summary...
 
 
 
 
 
Do you want to learn more details about RMAN, then read the following articles.
https://ittutorial.org/rman-backup-restore-and-recovery-tutorials-for-beginners-in-the-oracle-database/
 
  
About Mehmet Salih Deveci



I am Founder of SysDBASoft IT and IT Tutorial and Certified Expert about Oracle & SQL Server database, Goldengate, Exadata Machine, Oracle Database Appliance administrator with 10+years experience.I have OCA, OCP, OCE RAC Expert Certificates I have worked 100+ Banking, Insurance, Finance, Telco and etc. clients as a Consultant, Insource or Outsource.I have done 200+ Operations in this clients such as Exadata Installation & PoC & Migration & Upgrade, Oracle & SQL Server Database Upgrade, Oracle RAC Installation, SQL Server AlwaysOn Installation, Database Migration, Disaster Recovery, Backup Restore, Performance Tuning, Periodic Healthchecks.I have done 2000+ Table replication with Goldengate or SQL Server Replication tool for DWH Databases in many clients.If you need Oracle DBA, SQL Server DBA, APPS DBA,  Exadata, Goldengate, EBS Consultancy and Training you can send my email adress [email protected].-                                                                                                                                                                                                                                                 -Oracle DBA, SQL Server DBA, APPS DBA,  Exadata, Goldengate, EBS ve linux Danışmanlık ve Eğitim için  [email protected] a mail atabilirsiniz.





Leave a Reply 
Your email address will not be published. Required fields are marked *
 
 
 


Powered by IT Tutorial | Designed by SysDBASoft IT

IT Tutorial © Copyright 2024, All Rights Reserved