Skip to main content
Skip table of contents

Set up Oracle database in Certificate Manager

This article describes how to install and set up the Oracle database, used in Smart ID Certificate Manager.

For detailed information about how to install an Oracle database, see the Oracle documentation available at



When Oracle is used for the CMDB database, tables and users must be created before the CM server is installed.

  1. Download the Oracle Database installation package.
  2. During installation of the Oracle database, do the following:
    1. Extract the Oracle database scripts located at program_files/install/Oracle, from the server installation zip file, cm_server_<version>.zip.
    2. Decide whether the table spaces should be stored in the ordinary file system on the Oracle server or in the ASM (Automatic Storage Management).

    3. If they are to be stored in ASM, create_tablespace_and_user_cm.sql has to be adjusted. Make changes according to the following example:

      Create tablespace CMDB datafile 'cmdb.dbf' size 100m reuse autoextend on next 100m;

      should be changed to:

      Create tablespace CMDB datafile '+DATA' size 100m reuse autoextend on next 100m;

      DATA is just an example name of an ASM disk group. Read more about ASM groups on

Step-by-step instruction

Do settings on the Oracle server
  1. Login as an Oracle database administrator (dba) user in the operating system and run the script, that creates the tablespace and the lcmadmin user:

    sqlplus sysdba/<password> @create_tablespace_and_user_cm.sql >create_tsu.log
  2. Check the log file.

  3. Run the script for creating the CMDB tables:

    sqlplus lcmadmin/REQreq01 @create_cmdb.sql >create_cmdb.log
  4. Check the log file.

Do settings on the CM server
  1. When installing the CM server, include the JDBC component to create the Oracle database connection parameters, which are stored in the cm.conf configuration file. The instance name is usually orcl, in Oracle Express it is XE.
Secure the connection
  1. Enable TLS support for the connection to the Oracle database server. 
    Oracle database supports client authentication for the TLS connection based on certificates. Enable this feature to further enhance the security between CM and the Oracle database. A complete guide on how to enable TLS with client authentication can be found here:
  2. After completing the guide and installing the database's certificate and the trusted issuer's certificate on the Oracle database, additional changes are required in the cm.conf file in order for CM and the Oracle JDBC driver to be able to connect to the database. A detailed explanation of relevant parameters of the Oracle JDBC driver can be found here: database/enterprise-edition/wp-oracle-jdbc-thin-ssl-130128.pdf
    Follow these steps:
    1. Change the parameter to provide the whole connection information as defined in the Oracle database file tnsnames.ora.
      For example:

      Example: Change

      CODE = jdbc:oracle:thin:@(DESCRIPTION=
      (ADDRESS= (PROTOCOL=tcps)
      (HOST=localhost) (PORT=1521) ) (CONNECT_DATA= (SERVER =
    2. To pass any additional required parameter to the Oracle JDBC driver, add new parameters.
      For example:

      Example: Additional parameters

      CODE = <parameter_name> = <parameter_value>
    3. In order for the Oracle JDBC to trust the Oracle database's certificate, the certificate's issuer has to be trusted. To achieve this, add the issuer's certificate in a keystore with trusted certificates.
      For example:

      Example: Add issuer's certificate in keystore with trusted certificates

      CODE = = <path_to_keystore_file> = = JKS = = <keystore_password>
    4. If TLS client authentication is also activated on the server, the Oracle JDBC driver needs to be provided with the key and certificate to be used for authenticating to the Oracle database. This certificate has to be signed by an issuer trusted by the Oracle database.
      For example:

      Example: Sign certificate by an issuer trusted by the Oracle database

      ;If PKCS12 file is used as storage for key and certificate = = <path_to_p12_file> = = PKCS12 = = <p12_password>
      ;If JKS keystore file is used
      ; = = <path_to_JKS_file>
      ; = = JKS
      ; = = <keystore_password>

Related information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.