Site icon IT Tutorial

TNS-01194: The listener command did not arrive in a secure transport

Mehmet Salih Deveci

Hi,

Sometimes You can get “TNS-01194: The listener command did not arrive in a secure transport ” error.

 

Details of error are as follows.

TNS-01194: The listener command did not arrive in a secure transport
Cause: Most of the listener administrative commands are only intended to be issued in a secure transport, which are configured in secure_control_ parameter. If the parameter is set, then the listener accepts administrative requests only on those secure transports.
Action: Make sure the command is issued using a transport specified in secure transport list.












 If SECURE_CONTROL_listener name=(TCPS) is set in the listener.ora file, the Lsnrctl utility is restricted to use ONLY the secure protocol or TCPS to communicate with the listener process.




Create self signed certificate


[oracle@<hostname>]$ mkdir /u01/app/oracle/product/12.1.0/server_wallet

[oracle@<hostname>]$ cd /u01/app/oracle/product/12.1.0/server_wallet

oracle@<hostname> server_wallet]$ orapki wallet create -wallet /u01/app/oracle/product/12.1.0/server_wallet -auto_login -pwd <password>
Oracle PKI Tool : Version 12.1.0.1
Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.


 


Check ls -la:


[oracle@<hostname> server_wallet]$ ls -la /u01/app/oracle/product/12.1.0/server_wallet
total 16
drwxrwxr-x. 2 oracle oracle 4096 May 19 17:33 .
drwxr-xr-x. 4 oracle oracle 4096 May 19 17:33 ..
-rw-------. 1 oracle oracle 2901 May 19 17:33 cwallet.sso
-rw-------. 1 oracle oracle 0 May 19 17:33 cwallet.sso.lck
-rw-------. 1 oracle oracle 2856 May 19 17:33 ewallet.p12
-rw-------. 1 oracle oracle 0 May 19 17:33 ewallet.p12.lck


[oracle@<hostname> server_wallet]$  orapki wallet add -wallet /u01/app/oracle/product/12.1.0/server_wallet -dn "CN=server" -keysize 512 -self_signed -validity 365 -pwd <password>
Oracle PKI Tool : Version 12.1.0.1
Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.


$ cat sqlnet.ora
# sqlnet.ora Network Configuration File: /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SQLNET.AUTHENTICATION_SERVICES=(BEQ,TCPS) <<<<<<<<<<<<<<<<<<<<<<<<<<<<<must be added
WALLET_LOCATION = (SOURCE= (METHOD=File)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/product/12.1.0/server_wallet))) <<< wallet location for tcps connections

cat listener.ora
cat: listener.ora: No such file or directory
[oracle@<hostname> admin]$ cat listener.ora
# listener.ora Network Configuration File: /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora   <<< wallet location for tcps connections
# Generated by Oracle configuration tools.

LISTENER =
   (DESCRIPTION_LIST =
     (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCPS)(HOST = <hostname>)(PORT = <SSL_port>))              <<<place the tcps connect string in the first place
        (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1520))
        (ADDRESS = (PROTOCOL = TCP)(HOST = <hostname>)(PORT = <TCP_port>))
       )
    )    
WALLET_LOCATION = (SOURCE= (METHOD=File)(METHOD_DATA=(DIRECTORY=/u01/app/oracle/product/12.1.0/server_wallet))) 


 


 


$ lsnrctl start

LSNRCTL for Linux: Version 12.1.0.1.0 - Production on 19-MAY-2017 17:37:51

Copyright (c) 1991, 2013, Oracle. All rights reserved.

Starting /u01/app/oracle/product/12.1.0/dbhome_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 12.1.0.1.0 - Production
System parameter file is /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora
Log messages written to /u01/app/oracle/diag/tnslsnr/<sid>/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<hostname>)(PORT=<SSL_port>)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1520)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<hostname>)(PORT=<TCP_port>)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<hostname>)(PORT=<SSL_port>))) <<<lsnrctl using TCPS

STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 12.1.0.1.0 - Production
Start Date 19-MAY-2017 17:37:51
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/<sid>/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<hostname>)(PORT=<SSL_port>)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1520)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<hostname>)(PORT=<TCP_port>)))
The listener supports no services
The command completed successfully



[oracle@<hostname> admin]$ lsnrctl status

LSNRCTL for Linux: Version 12.1.0.1.0 - Production on 19-MAY-2017 17:38:06

Copyright (c) 1991, 2013, Oracle. All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<hostname>)(PORT=<SSL_port>))) <<<Status command shows using TCPS
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 12.1.0.1.0 - Production
Start Date 19-MAY-2017 17:37:51
Uptime 0 days 0 hr. 0 min. 15 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/<sid>/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<hostname>)(PORT=<SSL_port>)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1520)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<hostname>)(PORT=<TCP_port>)))
Services Summary...


 


 


 


 


 


Do you want to learn more details about RMAN, then read the following articles.


https://ittutorial.org/rman-backup-restore-and-recovery-tutorials-for-beginners-in-the-oracle-database/


 

	


	






		

			
				Exit mobile version