SSL communication properties
Assuming that the NoSQL server is secured by SSL, client connections from Oracle NoSQL Database administrative clients will need to connect over SSL as well. This can be achieved by providing security properties for the connection.
For Oracle-provided command line tools, a security file must be specified. The security configuration process automatically generates a basic security file (client.security)
that can be used to connect to the store. You may wish to make a copy of this and modify it to include additional configuration properties.
The minimal configuration needed to connect to a secure store includes setting the following properties:
-
oracle.kv.transport=ssl
Directs KVStore clients and utilities to connect to the KVStore RMI registry via SSL.
-
oracle.kv.ssl.trustStore=<path-to-ssl-truststore>
Names a copy of the truststore file generated by
makebootconfig
orsecurityconfig
to enable validation of the KVStore server SSL certificate.Note:
You can use SSL to communicate an application with other SSL servers without using truststore-based certification validation.
In addition to the two properties listed above, the following properties are also supported for control of SSL communications:
-
oracle.kv.ssl.ciphersuites
Specifies a comma-separated list of SSL cipher suites that should be allowed in communication with the server.
-
oracle.kv.ssl.protocols
Specifies a comma-separated list of SSL protocols that should be allowed in communication with the server.
-
oracle.kv.ssl.trustStoreType
Specifies the type of truststore being used. If not specified, the default type for the Java runtime is used.
Note:
Applications may also set these security properties through API methods on KVStoreConfig.