Configuring a database to connect to SSL/TLS secured sites is one of those things I do often enough to know there’s a procedure but not frequently enough that I breeze through it painlessly. I usually find my way back to Ruben de Vries’ excellent post on the topic. The openssl commands to pull certificates directly onto a host saves the tedium of opening a browser, downloading and transferring files to a database server. His explanation of the process and components is informative.

Last week I found myself troubleshooting certificate validation issues for some developers. The list of sites the team needs to access is lengthy and each environments, from development through production, has different sites and certificate requirements.

Traditionally this might be handled with individual requests for each environment, creating a dependency on the DBA. Development teams can’t work until the DBA adds sites to the wallet. If you get someone like me—who vaguely remembers the procedure—it may take a bit until I stumble on Ruben’s post to find the precise steps!

Adding certificates is repetitive business and repetitive things are candidates for automation. Scripting the process makes sense in multiple ways:

• Passing wallet and site information to a script is faster than doing it manually;

• Developers can run scripts as easily as a DBA and, at least in lower environments, removes dependency on a DBA while freeing DBAs to focus on strategic work;

• Building from code is a more reliable, repeatable way of doing things.

This is what I appreciate about the DevOps mindset—it empowers teams to get work done without introducing unnecessary gatekeeping! Plus, it means I get to write a fun script to retrieve certificates and add them to wallets!

The script is available on GitHub and has been tested in a handful of 12c environments. Please let me know if you find it useful or have suggestions for additional features.