Configuring Sterling B2B Integrator for data traffic encryption in Oracle
You can enable encryption only for data traffic, with anonymous authentication rather than SSL authentication.
If you want to use SSL for encryption only, it is recommended to follow the instructions in the "CASE #1: USE SSL FOR ENCRYPTION ONLY" section of the Oracle documentation. It is not necessary to configure certificates for the wallet. In this mode, Diffie-Hellman ciphers are used, and the server and the client are not authenticated through SSL. You must authenticate by using a user name and a password.
However, if you are running Sterling B2B Integrator on a system that requires an IBM® JDK, you cannot use this mode, as IBM JSSE TrustManager does not permit anonymous ciphers. You must configure wallets with certificates.
This procedure is applicable only if you are running Sterling B2B Integrator on a system that requires Sun JDK. The IBM JSSE TrustManager does not permit anonymous ciphers.
If your Sterling B2B Integrator is a cluster installation, you need to perform this procedure on each node, starting with node 1.
To configure Sterling B2B Integrator for data traffic encryption in Oracle:
- Install Sterling B2B Integrator in TCP (clear) mode.
- Stop Sterling B2B Integrator.
- Open the /<install_dir>/properties directory.
- Open the customer_overrides.properties file and add the following database connection parameters (example values included):
  jdbcService.oraclePool.prop_javax.net.ssl.trustStore=/opt/5263/ssl/trust.jks
  jdbcService.oraclePool.prop_javax.net.ssl.trustStoreType=JKS
  jdbcService.oraclePool.prop_javax.net.ssl.trustStorePassword=password1
  jdbcService.oraclePool.prop_oracle.net.ssl_version=1.2
  jdbcService.oraclePool.prop_javax.net.ssl.keyStore=/opt/5263/ssl/identity.jks
  jdbcService.oraclePool.prop_javax.net.ssl.keyStoreType=JKS
  jdbcService.oraclePool.prop_javax.net.ssl.keyStorePassword=password1
  If you have a configured container, ensure that the same database information is added to the customer_overrides.properties.in file. To locate the file, navigate to the /<install_dir>/properties/nodexACy directory, where x gives the node number and y gives the container number. Perform this step for all the containers configured in the system.
- Repeat Step 4 for the following Oracle connection pools by changing only the pool
If you have any other database pools, you need to add the properties for those pools.
- Open the sandbox.cfg file and change the database connection information as shown.
  ORACLE_JDBC_URL= jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps) (HOST=)(PORT=)) (CONNECT_DATA=(SERVICE_NAME=)))
  Make sure that you enter values for the HOST, PORT, and SERVICE_NAME parameters.
  Add the following properties to sandbox.cfg to configure SSL at runtime:
  useSSL=true
  trustStore=/opt/5263/ssl/trust.jks
  trustStorePassword=password1
  keyStore=/opt/5263/ssl/identity.jks
  keyStorePassword=password1
  tls_version=1.2
- Open the /<install_dir>/bin directory.
- Enter the command ./setupfiles.sh.
- Restart Sterling B2B Integrator.
All the database connections from Sterling B2B Integrator are now connected through TCPS (encrypted) mode.
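A pre-restart check of the two files edited in this procedure, as an added example that is not part of the IBM documentation or tooling: it confirms that each pool carries all seven SSL properties, that the page's example password was replaced, and that the sandbox.cfg URL uses tcps with HOST, PORT, and SERVICE_NAME filled in. The pool name reportPool and the host db.example.test are hypothetical, and the sample file contents are constructed.

```python
import re

# Per-pool property suffixes the page adds to customer_overrides.properties.
REQUIRED = [f"javax.net.ssl.{store}{part}" for store in ("trustStore", "keyStore")
            for part in ("", "Type", "Password")] + ["oracle.net.ssl_version"]

def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {key.strip(): value.strip() for key, value in pairs}

def audit(overrides_text, sandbox_text, pools):
    """Return findings for both files; an empty list means every check passed."""
    over, sand, out = parse_props(overrides_text), parse_props(sandbox_text), []
    for pool in pools:
        for suffix in REQUIRED:
            value = over.get(f"jdbcService.{pool}.prop_{suffix}", "")
            if not value:
                out.append(f"{pool}: missing {suffix}")
            elif suffix.endswith("Password") and value == "password1":
                out.append(f"{pool}: {suffix} still holds the page's example value")
            elif suffix == "oracle.net.ssl_version" and value != "1.2":
                out.append(f"{pool}: ssl_version is {value}, page sets 1.2")
    url = sand.get("ORACLE_JDBC_URL", "")
    if not re.search(r"\(PROTOCOL\s*=\s*tcps\)", url, re.I):
        out.append("sandbox.cfg: ORACLE_JDBC_URL does not use PROTOCOL=tcps")
    for field in ("HOST", "PORT", "SERVICE_NAME"):
        if not re.search(rf"\({field}\s*=\s*[^()\s]+\)", url):
            out.append(f"sandbox.cfg: {field} is empty in ORACLE_JDBC_URL")
    if sand.get("useSSL", "").lower() != "true":
        out.append("sandbox.cfg: useSSL is not true")
    return out

# Constructed sample input: oraclePool still has the example passwords, and
# "reportPool" is a hypothetical second pool that was never configured.
SAMPLE_OVERRIDES = """\
jdbcService.oraclePool.prop_javax.net.ssl.trustStore=/opt/5263/ssl/trust.jks
jdbcService.oraclePool.prop_javax.net.ssl.trustStoreType=JKS
jdbcService.oraclePool.prop_javax.net.ssl.trustStorePassword=password1
jdbcService.oraclePool.prop_oracle.net.ssl_version=1.2
jdbcService.oraclePool.prop_javax.net.ssl.keyStore=/opt/5263/ssl/identity.jks
jdbcService.oraclePool.prop_javax.net.ssl.keyStoreType=JKS
jdbcService.oraclePool.prop_javax.net.ssl.keyStorePassword=password1
"""
SAMPLE_SANDBOX = ("ORACLE_JDBC_URL=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS="
                  "(PROTOCOL=tcp)(HOST=db.example.test)(PORT=))"
                  "(CONNECT_DATA=(SERVICE_NAME=ORCL)))\nuseSSL=true\n")
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_OVERRIDES, SAMPLE_SANDBOX, ["oraclePool", "reportPool"])))
```

Run it against the real files by passing their contents and the list of pools defined in your installation; on a cluster, repeat on each node and for each container's customer_overrides.properties.in.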