Configuring SSL in Oracle

You can configure SSL with the Oracle database so that the connection between Sterling B2B Integrator and the database is established during installation and runtime.

The SSL feature provides a secure communication channel between Sterling B2B Integrator and Oracle.

Installing

You can enable the SSL option through IBM Installation Manager using the GUI or a silent response file.

Installing using GUI

Perform the following steps:

  1. From Database Vendor Selection in the left navigation pane, select Oracle from Database Vendor.

    A new option, Use SSL appears on the screen.

  2. Select the Use SSL option.
  3. Specify the following fields:
    Field Name Description
    Truststore File Mandatory. File path of the truststore for SSL connection.
    Truststore Password Mandatory. Password for the truststore key.
    Keystore File File path of the keystore. Optional. Required only for two-way SSL connection. The JKS keystore type is supported.
    Keystore Password Password for the keystore file. Optional. Required only for two-way SSL connection.
    TLS Version Mandatory. TLS version to be used for the connection. The default value is 1.2. Optional.
  4. Click Next to continue the installation.

    A secure connection is established between Sterling B2B Integrator and the Oracle database.

Installing using silent file

Add the following parameters to the response file:
Parameter Value SSL
user.sb.useSSL Indicates whether SSL with the Oracle database is turned on or off. The values used are True or False. Required
user.sb.trustStore Path of the truststore file in the file system Required
user.sb.trustStorePassword Password of the truststore key in plain text format Required
user.sb.keyStore Path of the keystore file in the file system Optional
user.sb.keyStorePassword Password of the keystore key in plain text format Optional
user.sb.tls_version TLS protocol version value. The default value is 1.2. Optional

Upgrading

You can upgrade with the SSL option through IBM Installation Manager using the GUI or a silent response file.
Note: A one-time change is required which needs to be done prior to the upgrade.

In place upgrade

There are 2 scenarios for upgrade -
  • Upgrade to a new version with the first time SSL setup
  • Upgrade to a new version that already has SSL connectivity
For both the upgrade scenarios, you need to enable the following properties (SSL parameters) in the sandbox.cfg file.
  • useSSL
  • trustStore
  • trustStorePassword
  • keyStore
  • keyStorePassword
Follow these steps to upgrade:
  1. Hardstop the server.
  2. Add the SSL entries in the sandbox.cfg file.
  3. Run setupfiles.sh for Linux or Unix.

    OR

    Run setup.cmd for Windows.

  4. Perform the upgrade.
  5. Restart the server.

Upgrade to a new directory

There are 2 scenarios for upgrade:
  • Upgrade to a new version with the first time SSL setup
  • Upgrade to a new version that already has SSL connectivity

In both the cases, you need to enable the SSL parameters either from the GUI or the silent file and perform the same steps as in place upgrade.