Community

Network encryption between connectors and Oracle database sources

Ken Smith User

April 17, 2026 16:46

Which connector?: Oracle database

Additional details: Fivetran requires that we enable TLS when using an Oracle database source. The industry standard will reduce the TLS certificate expiration to 100 days on March 15, 2027, and to 47 days on March 15, 2029. Replacing the Oracle database certificate requires a brief database outage, and requires that we manually discover the certificate using the Fivetran console. Our Oracle databases are configured for Oracle's Native Network Encryption (NNE) for client and app connections. We also configure those databases with TLS for Fivetran access. That is the only reason we've implemented TLS. Given the impending shortened certificate expiration windows, and the disruption this will cause, I would like to request that Fivetran support Oracle's Native Network Encryption for communicating between the connector and the database.

Please sign in to leave a comment.

Comments

1 comment

Official comment

Pieter Humphrey Fivetranner
- April 21, 2026 22:13
- Edited
Hi Ken! Supporting a new encryption protocol is a pretty heavy engineering lift. I have some other ideas:
- Are you trusting end certs every time and that gets rotated frequently?
- If so, can you trust the root cert?
- If you are already trusting root cert and the root cert keeps changing frequently
- Are these hosted CSP databases and so have default root CAs that Fivetran can directly trust?

Official comment

Pieter Humphrey Fivetranner

April 21, 2026 22:13
Edited

Hi Ken! Supporting a new encryption protocol is a pretty heavy engineering lift. I have some other ideas:

Are you trusting end certs every time and that gets rotated frequently?
If so, can you trust the root cert?
If you are already trusting root cert and the root cert keeps changing frequently
Are these hosted CSP databases and so have default root CAs that Fivetran can directly trust?