Started with checking the configuration and testing the stuff that used to work. You don't know, nowadays, with these gremlins.
And sure enough:
D:\>tnsping o1003
TNS Ping Utility for 32-bit Windows: Version 10.1.0.4.0 - Production on 16-FEB-2006 15:36:29
Copyright (c) 1997, 2003, Oracle. All rights reserved.
Used parameter files:
D:\oracle\ora92\network\ADMIN\sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCPS)(HOST = 192.168.1.199)(PORT = 2484))) (CONNECT_DATA = (SERVICE_NAME = o10gR1))
( SECURITY = (SSL_SERVER_CERT_DN = cn=o10gR1,cn=OracleContext,dc=cs,dc=nl)))
TNS-12560: TNS:protocol adapter error
So, what is wrong here? That used to work!
Same here; this test worked, too!
D:\>sqlplus system@o10ssl
SQL*Plus: Release 10.1.0.4.0 - Production on Thu Feb 16 15:35:44 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Enter password:
ERROR:
ORA-28759: failure to open file
Okay - I know that one: the wallet is not set for autologin. Fired up the wallet manager, and changed that; the error is now more what I expected:
ORA-29003: SSL transport detected mismatched server certificate.
So, I am going to continue this, without the server authentication (which you can see, works! or rather, fails, and thus proves to work).
Let's create a demouser on the server:
[oracle10@csdb01 admin]$ sqlplus system/manager
SQL*Plus: Release 10.1.0.4.0 - Production on Thu Feb 16 16:43:10 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.1.0.4.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> create user certdemo identified externally as 'CN=frankbo, O=CarrotSoft, C=NL';
User created.
SQL> grant create session to certdemo;
Grant succeeded.
SQL>
Okay, let's see if I can login from my (Windows) client:
D:\>sqlplus /nolog
SQL*Plus: Release 10.1.0.4.0 - Production on Thu Feb 16 15:56:39 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
SQL> connect / @o1003
ERROR:
ORA-01017: invalid username/password; logon denied
Hmmmm. This seems to be some weird mismatch between globally and externally defined users; the syntax I used seems to be OK for 10g Release 2. Thanks to Fabrizio, who hinted at that here.
So, let's revert on the server:
SQL> drop user certdemo cascade;
User dropped.
SQL> create user certdemo identified globally as 'CN=frankbo, O=CarrotSoft, C=NL';
User created.
SQL> grant create session to certdemo;
Grant succeeded.
And try the client again:
SQL> connect /@o1003
Connected.
SQL> show user
USER is "CERTDEMO"
SQL>
So, finally, I'm able to say: finally!
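A check to run after the steps above, added here as an example and not part of the original post: it confirms that the account is mapped to the certificate DN and that the session really arrived over SSL rather than through some other login path. It assumes the 10g-era USERENV parameters AUTHENTICATION_TYPE, EXTERNAL_NAME and NETWORK_PROTOCOL (later releases prefer AUTHENTICATION_METHOD) and reuses the certdemo account from the post.

```sql
-- Added example, not from the original post.

-- 1) As a privileged user (e.g. SYSTEM) on the server:
--    show which DN the account is mapped to. EXTERNAL_NAME holds the
--    string given in "IDENTIFIED GLOBALLY AS '...'".
SELECT username,
       external_name
FROM   dba_users
WHERE  username = 'CERTDEMO';

-- 2) From the client session opened with "connect /@o1003":
--    show how this session was authenticated and over which protocol.
--    EXTERNAL_NAME should be the DN taken from the client certificate and
--    must match the DN stored for the user in step 1; NETWORK_PROTOCOL
--    reflects the PROTOCOL= value of the connect descriptor.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')        AS session_user,
       SYS_CONTEXT('USERENV', 'AUTHENTICATION_TYPE') AS auth_type,
       SYS_CONTEXT('USERENV', 'EXTERNAL_NAME')       AS external_name,
       SYS_CONTEXT('USERENV', 'NETWORK_PROTOCOL')    AS network_protocol
FROM   dual;

-- 3) As a privileged user: list every account that logs in without a
--    database password, so certificate-mapped users can be reviewed
--    together (each DN here is effectively a credential).
SELECT username,
       external_name,
       account_status
FROM   dba_users
WHERE  external_name IS NOT NULL
ORDER  BY username;
```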