Enabling JDBC Over TLS
Enabling JDBC over TLS is a prerequisite to configuring SSO with a database security adapter, where an encrypted database connection (over TLS) is required for a secure production environment.
The procedure to enable JDBC over TLS is different depending on the selected database type, which can be one of the following:
Oracle Database Enterprise Edition
To enable JDBC over TLS for Oracle Database Enterprise Edition:
- Copy the wallet directory containing the wildcard certificates from the Oracle database server location into a new wallet folder location on the client, for example:
  <path>\network\admin\wallet
- Make sure all files in the wallet folder can be read by the end user running sqlplus.
- Modify the client sqlnet.ora as follows:
  # Changes required in client sqlnet.ora
  WALLET_LOCATION =
    (SOURCE =
      (METHOD = FILE)
      (METHOD_DATA =
        (DIRECTORY = <path>\network\admin\wallet)))
  SQLNET.AUTHENTICATION_SERVICES = (TCPS,NTS,NONE)
  SSL_CLIENT_AUTHENTICATION = FALSE
  SSL_VERSION = 1.2
  NAMES.DIRECTORY_PATH = (TNSNAMES, EZCONNECT)
- Add the following connection string to tnsnames.ora:
  # Changes required in tnsnames.ora
  ora19_tls =
    (DESCRIPTION =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCPS)(HOST = slc1****.us.oracle.com)(PORT = 2*8*)))
      (CONNECT_DATA =
        (SERVER = DEDICATED)
        (SERVICE_NAME = test)))
- Connect using sqlplus and test it:
  sqlplus <username>/<password>@ora19_tls
- Get the CA certificate file from the Oracle server.
- Import the CA file into the trust store used by the Gateway:
  keytool -import -trustcacerts -file <Oracle CA file path> -keystore <truststorepath\siebeltruststorename.jks>
Microsoft SQL Server
To enable JDBC over TLS for Microsoft SQL Server:
- Get the CA certificate file from the SQL Server host.
- Import the CA file into the trust store used by the Gateway:
  keytool -import -trustcacerts -file <SQL Server CA file path> -keystore <truststorepath\siebeltruststorename.jks>
IBM DB2
To enable JDBC over TLS for IBM DB2:
- Get the CA certificate file from the DB2 server.
- Import the CA file into the trust store used by the Gateway:
  keytool -import -trustcacerts -file <DB2 CA file path> -keystore <truststorepath\siebeltruststorename.jks>
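The following is an added example, not part of this documentation, that ties the Oracle tnsnames.ora entry and the keytool import step together in a POSIX shell script; the import function is the same step for the SQL Server and DB2 procedures above. It assumes openssl and keytool are on PATH; the host, port, alias db-ca and the SAMPLE_TNS descriptor are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the product documentation. Assumes openssl and
# keytool are on PATH; SAMPLE_TNS is constructed, not a real endpoint.
SAMPLE_TNS='ora19_tls = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCPS)(HOST = db.example.internal)(PORT = 2484))) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = test)))'

# tns_endpoint DESCRIPTOR: print HOST:PORT from the ADDRESS clause, or
# nothing if the descriptor has no HOST/PORT pair.
tns_endpoint() {
  printf '%s\n' "$1" \
    | sed -n 's/.*(HOST *= *\([^)]*\)).*(PORT *= *\([0-9]*\)).*/\1:\2/p' \
    | tr -d ' '
}

# verify_server_chain HOST:PORT CA_FILE: succeed only if the listener
# completes a TLS 1.2 handshake and its certificate chains to CA_FILE.
# Run this before trusting a CA file you were handed for the Gateway.
verify_server_chain() {
  openssl s_client -connect "$1" -CAfile "$2" -tls1_2 </dev/null 2>/dev/null \
    | grep -q 'Verify return code: 0 (ok)'
}

# import_ca CA_FILE TRUSTSTORE STOREPASS ALIAS: the keytool import step
# from the procedures above, made idempotent (keytool rejects a duplicate alias).
import_ca() {
  if keytool -list -keystore "$2" -storepass "$3" -alias "$4" >/dev/null 2>&1; then
    echo "alias $4 already present in $2"
    return 0
  fi
  keytool -importcert -trustcacerts -noprompt -file "$1" \
    -keystore "$2" -storepass "$3" -alias "$4"
}

# main DESCRIPTOR CA_FILE TRUSTSTORE STOREPASS: check the endpoint named in
# the tnsnames.ora entry against the CA file, then import and list it.
main() {
  ep=$(tns_endpoint "$1")
  [ -n "$ep" ] || { echo "descriptor has no HOST/PORT" >&2; return 1; }
  verify_server_chain "$ep" "$2" \
    || { echo "$ep does not chain to $2 over TLS 1.2; not importing" >&2; return 1; }
  import_ca "$2" "$3" "$4" db-ca
  keytool -list -keystore "$3" -storepass "$4" -alias db-ca
}

# Only run the full flow when invoked with arguments, e.g.
#   sh jdbc_tls_trust.sh "$SAMPLE_TNS" ca.pem siebeltruststorename.jks changeit
if [ $# -ge 4 ]; then main "$@"; fi
```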