In this section, you learn how to set up a secure connection using Oracle database for
Liberty.
About this task
You can set up a secure connection using Oracle database for Liberty. Make
sure the database sever is configured to allow SSL connection, and the DBA has a valid
ewallet file ready. By default, the ewallet file is created in
pkcs12 format, it must be converted to jks format using the
orapki (Oracle wallet) tool with pkcs12_to_jks option. Copy
the ewallet file to the server where Engineering Lifecycle Management application
is installed.
Procedure
- Edit the server.startup file under
ELMInstall\server, add the following JVM properties.
Windows
set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=c:\path\ewallet.jks
set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStoreType=jks
set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=xxxx
set JAVA_OPTS=%JAVA_OPTS% -Doracle.net.ssl_cipher_suites=SSL_RSA_WITH_AES_256_CBC_256SHA
set JAVA_OPTS=%JAVA_OPTS% -Doracle.net.ssl_client_authentication=FALSE
set JAVA_OPTS=%JAVA_OPTS% -Doracle.net.ssl_version=1.2
Linux
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/path/ewallet.jks"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStoreType=jks"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=xxxx"
JAVA_OPTS="$JAVA_OPTS -Doracle.net.ssl_cipher_suites=SSL_RSA_WITH_AES_256_CBC_256SHA"
JAVA_OPTS="$JAVA_OPTS -Doracle.net.ssl_client_authentication=FALSE"
JAVA_OPTS="$JAVA_OPTS -Doracle.net.ssl_version=1.2"
- Set the environment variables ORACLE_JDBC_DRIVER_FILE from the server where ELM is
installed, point to all the following jdbc.jar files. Make sure you include the
file name and not just the file path.
- ojdbc8.jar
- oraclepki.jar
- osdt_cert.jar
- osdt.core.jar
- Update the java security file, uncomment the following line to allow AES 256
chipper.
- Restart the WebSphere Liberty Server.