Update Network Options to Allow TLS or Require Only Mutual TLS (mTLS) Authentication on Autonomous Database

Describes how to update the secure client connection authentication options, Mutual TLS (mTLS) and TLS.

Network Access Prerequisites for TLS Connections

Describes the network access configuration prerequisites for TLS connections.

To allow an Autonomous Database instance to use TLS connections, either ACLs must be defined or a private endpoint must be configured:

  • When an Autonomous Database instance is configured to operate over the public internet, one or more Access Control Lists (ACLs) must be defined before you use TLS authentication to connect to the database. To validate that ACLs are defined, in the Network area on the Autonomous Database Details page view the Access Control List field. This field shows Enabled when ACLs are defined and shows Disabled when ACLs are not defined.

    See Configuring Network Access with Access Control Rules (ACLs) for more information.

  • When an Autonomous Database instance is configured with a private endpoint you can use TLS authentication to connect to the database. To validate that a private endpoint is defined, in the Network area on the Autonomous Database Details page view the Access Type field. This field shows Virtual Cloud Network when a private endpoint is defined.

    See Configure Network Access with Private Endpoints for more information.

Note

When an Autonomous Database instance is configured with the network access type: Allow secure access from everywhere, you can only use TLS connections to connect to the database if you specify ACLs to restrict access.

Update your Autonomous Database Instance to Allow both TLS and mTLS Authentication

If your Autonomous Database instance is configured to only allow mTLS connections, you can update the instance to allow both mTLS and TLS connections.

When you update your configuration to allow both mTLS and TLS, you can use both authentication types at the same time and connections are no longer restricted to require mTLS authentication.

You can allow TLS connections when network access is configured as follows:

  • With network access configured with ACLs defined.

  • With network access configured with a private endpoint defined.

Note

When you configure your Autonomous Database instance network access with ACLs or a private endpoint, the ACLs or the private endpoint apply for both mTLS and TLS connections.

Perform the network access configuration prerequisites. See Network Access Prerequisites for TLS Connections for more information.

Perform the following steps as necessary:

  • Open the Oracle Cloud Infrastructure Console by clicking the navigation icon next to Oracle Cloud.

  • From the Oracle Cloud Infrastructure left navigation menu click Oracle Database and then, depending on your workload click one of: Autonomous Data Warehouse, Autonomous JSON Database, or Autonomous Transaction Processing.
  • On the Autonomous Databases page select your Autonomous Database from the links under the Display name column.

To change the Autonomous Database instance to allow TLS authentication, do the following:

  1. On the Autonomous Database Details page, under Network, click Edit in the Mutual TLS (mTLS) Authentication field.

    This shows the Edit Mutual TLS Authentication page.

  2. To change the value to allow TLS authentication, deselect Require mutual TLS (mTLS) authentication.
    Description of adb_network_authentication_tls.png follows
  3. Click Update.

    The Autonomous Database Lifecycle State changes to Updating.

    After some time, the Lifecycle State shows Available and the Mutual TLS (mTLS) Authentication field changes to show Not Required.

After you define ACLs or configure a private endpoint and the Mutual TLS (mTLS) Authentication field shows Not Required, the ACLs or the private endpoint you specify apply to all connection types (mTLS and TLS).

Depending on the type of client, TLS connections have the following support with Autonomous Database:

Update your Autonomous Database Instance to Require mTLS and Disallow TLS Authentication

If your Autonomous Database instance is configured to allow TLS connections, you can update the instance to require mTLS connections and disallow TLS connections.

Note

When you update an Autonomous Database instance to require Mutual TLS (mTLS) connections, existing TLS connections are disconnected.

Perform the following steps as necessary:

  • Open the Oracle Cloud Infrastructure Console by clicking the navigation icon next to Oracle Cloud.

  • From the Oracle Cloud Infrastructure left navigation menu click Oracle Database and then, depending on your workload click one of: Autonomous Data Warehouse, Autonomous JSON Database, or Autonomous Transaction Processing.
  • On the Autonomous Databases page select your Autonomous Database from the links under the Display name column.

To change the Autonomous Database instance to require mTLS authentication and to not allow TLS authentication, do the following:

  1. On the Autonomous Database Details page, under Network, click Edit in the Mutual TLS (mTLS) Authentication field.

    This shows the Edit Mutual TLS Authentication page.

  2. Select Require mutual TLS (mTLS) authentication.
    Description of adb_network_authentication_mtls.png follows
  3. Click Update.

    The Autonomous Database Lifecycle State changes to Updating.

    After some time, the Lifecycle State shows Available and the Mutual TLS (mTLS) Authentication field changes to show Required.