You can enable encryption-only data traffic, which uses anonymous authentication
instead of SSL authentication.
About this task
If you want to use SSL for encryption only, it is recommended to follow the
instructions in the "CASE #1: USE SSL FOR ENCRYPTION ONLY" section of the Oracle documentation. It is not necessary
to configure certificates for the wallet. In this mode, Diffie-Hellman ciphers are
used, and the server and the client are not authenticated through SSL. You must
authenticate by using a user name and a password.
This procedure is applicable only if you are running Sterling B2B Integrator on a
system that requires Sun JDK. If you are running Sterling B2B Integrator on a
system that requires an IBM® JDK, you cannot use this mode, because the IBM JSSE
TrustManager does not permit anonymous ciphers. You must configure wallets with
certificates.
If your Sterling B2B Integrator
is a cluster installation, you need to perform this procedure on each node, starting
with node 1.
Procedure
To configure Sterling B2B Integrator for
data traffic encryption in Oracle:
1. Install Sterling B2B Integrator in TCP (clear) mode.
2. Stop Sterling B2B Integrator.
3. Open the /<install_dir>/properties directory.
4. Open the customer_overrides.properties file and add the following database
   connection information:
   DB connection parameters with example values included:

       jdbcService.oraclePool.prop_javax.net.ssl.trustStore=/opt/5263/ssl/trust.jks
       jdbcService.oraclePool.prop_javax.net.ssl.trustStoreType=JKS
       jdbcService.oraclePool.prop_javax.net.ssl.trustStorePassword=password1
       jdbcService.oraclePool.prop_oracle.net.ssl_version=1.2
       jdbcService.oraclePool.prop_javax.net.ssl.keyStore=/opt/5263/ssl/identity.jks
       jdbcService.oraclePool.prop_javax.net.ssl.keyStoreType=JKS
       jdbcService.oraclePool.prop_javax.net.ssl.keyStorePassword=password1

   If you have a configured container, ensure that the same database information
   is added to the customer_overrides.properties.in file. To locate the file,
   navigate to the /<install_dir>/properties/nodexACy directory, where x gives
   the node number and y gives the container number.
   Perform this step for all the containers configured in the system.
5. Repeat Step 4 for the following Oracle connection pools by changing only the
   pool name:
   - oraclePool_local
   - oraclePool_NoTrans
   - oracleArchivePool
   - oracleUIPool

   If you have any other database pools, you need to add the properties for those
   pools.
6. Open the sandbox.cfg file and change the database connection information as
   shown.

       ORACLE_JDBC_URL= jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps) (HOST=)(PORT=)) (CONNECT_DATA=(SERVICE_NAME=)))

   Make sure that you enter values for the HOST, PORT, and SERVICE_NAME
   parameters.
   Add the following properties to sandbox.cfg to configure SSL at runtime:

       useSSL=true
       trustStore=/opt/5263/ssl/trust.jks
       trustStorePassword=password1
       keyStore=/opt/5263/ssl/identity.jks
       keyStorePassword=password1
       tls_version=1.2

7. Open the /<install_dir>/bin directory.
8. Enter the command ./setupfiles.sh.
9. Restart Sterling B2B Integrator.
All the database connections from Sterling B2B Integrator are
now connected through TCPS (encrypted) mode.
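
The following check is an added example, not part of the IBM procedure or product: before running setupfiles.sh, it confirms that every pool listed in the procedure carries all seven SSL properties with the same values as oraclePool, and that the sandbox.cfg URL uses tcps with HOST, PORT, and SERVICE_NAME filled in. The function names and the sample input are constructed for illustration; extend POOLS if you have other database pools.

```python
import re

# Pool names and property suffixes come from the procedure above.
POOLS = ["oraclePool", "oraclePool_local", "oraclePool_NoTrans",
         "oracleArchivePool", "oracleUIPool"]
SSL_PROPS = ["javax.net.ssl.trustStore", "javax.net.ssl.trustStoreType",
             "javax.net.ssl.trustStorePassword", "oracle.net.ssl_version",
             "javax.net.ssl.keyStore", "javax.net.ssl.keyStoreType",
             "javax.net.ssl.keyStorePassword"]

def parse_props(text):  # key=value lines; blank lines and # comments are skipped
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_overrides(text, pools=POOLS):
    """Flag pools that lack an SSL property or differ from the first pool."""
    props, findings = parse_props(text), []
    for pool in pools:
        for name in SSL_PROPS:
            key = f"jdbcService.{pool}.prop_{name}"
            reference = props.get(f"jdbcService.{pools[0]}.prop_{name}")
            if not props.get(key):
                findings.append(f"missing {key}")
            elif props[key] != reference:
                findings.append(f"{key} differs from {pools[0]}")
    return findings

def check_sandbox(text):
    """Flag a non-TCPS URL, empty HOST/PORT/SERVICE_NAME, or useSSL not true."""
    props, findings = parse_props(text), []
    url = props.get("ORACLE_JDBC_URL", "")
    if not re.search(r"\(PROTOCOL\s*=\s*tcps\)", url, re.I):
        findings.append("ORACLE_JDBC_URL is not PROTOCOL=tcps")
    for field in ("HOST", "PORT", "SERVICE_NAME"):
        if not re.search(rf"\({field}\s*=\s*[^()\s]+\)", url, re.I):
            findings.append(f"ORACLE_JDBC_URL has no {field} value")
    if props.get("useSSL", "").lower() != "true":
        findings.append("useSSL is not true")
    return findings

# Constructed sample: the URL template from the procedure with its values still empty.
SAMPLE_SANDBOX = ("ORACLE_JDBC_URL= jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS="
                  "(PROTOCOL=tcps) (HOST=)(PORT=)) (CONNECT_DATA=(SERVICE_NAME=)))\n"
                  "useSSL=true\n")
```

Pass the contents of customer_overrides.properties to check_overrides and the contents of sandbox.cfg to check_sandbox; an empty list means no findings.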