Creating secrets to protect sensitive Oracle SSL configuration data
If you plan to use SSL for your Oracle database, create a secret manually to protect the certificate data for the database.
About this task
Procedure
What to do next
First, add the secret to your trusted certificate list in the
shared
configuration:
shared_configuration:
trusted_certificate_list
- <your-secret-name>
The
following values specify the SSL database
configuration:
dc_ssl_enabled: true
For example, for the relevant datasource for your FileNet® Content Manager deployment, your CR might look like the following sample snip:
shared_configuration:
trusted_certificate_list
- ibm-oracle-ssl-cert-secret
datasource_configuration:
#the candidate value is "db2" or "db2HADR" or "oracle" or "sqlserver" or "postgresql"
dc_ssl_enabled: true
dc_gcd_datasource:
dc_database_type: "oracle"
database_servername: "hostname.fyre.ibm.com"
database_name: "GCDDB"
database_port: "5555"
dc_oracle_gcd_jdbc_url: "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=hostname.fyre.ibm.com)(PORT=5555))(CONNECT_DATA=(SERVICE_NAME=orcl)))"
dc_os_datasources:
- dc_database_type: "oracle"
database_servername: "hostname.fyre.ibm.com"
database_name: "OS1DB"
database_port: "5555"
dc_oracle_os_jdbc_url: "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=hostname.fyre.ibm.com)(PORT=5555))(CONNECT_DATA=(SERVICE_NAME=orcl)))"
Also
remember to add the database user name and password to the
ibm-fncm-secret
.