In this section, you learn how to set up a secure connection using Oracle
database.
About this task
To setup a secure connection using Oracle database, you must add the
javax.net.ssl.trust Store custom property. This system property specifies where
to find certain configuration files. The custom property uses a URL rather than a simple path, so
specify the value as a file-style URL: file:///file path .
Make sure the database sever is configured to allow SSL connection, and the DBA has a valid
ewallet file ready. By default, the ewallet file is created in
pkcs12 format, it must be converted to jks format using the
orapki (Oracle wallet) tool with pkcs12_to_jks option. Copy
the ewallet file to the server where Engineering Lifecycle Management application
is installed.
Procedure
- Under , click Custom
properties.
Remember: You must use three forward slashes (///) after
file:
Important: In a distributed environment, when you are using a separate application
server for each web application, you must add these custom properties for each instance of the
WebSphere® Application
Server.
- Click New, enter
javax.net.ssl.trustStore in the Name field, and enter
file:///JazzInstallDir\path\ewallet.jks in the
Value field. Substitute
JazzInstallDir with the location of Jazz® Team Server installation directory. For example, enter
file:///C:/PROGRA~1/IBM/JazzTeamServer/server/conf on Windows or enter
file:///home/user/IBM/JazzTeamServer/server/conf on UNIX systems.
Note: To avoid problems, do not use spaces in file paths. For the Program Files
directory you can use PROGRA~1, and for the Program Files
(x86) directory, you can use PROGRA~2.
- Click OK.
- Add the following properties to enable SSL database connection with Oracle:
- javax.net.ssl.trustStoreType = JKS
- javax.net.ssl.trustStorePassword = myPassword
- oracle.net.ssl_cipher_suites = SSL_RSA_WITH_AES_256_CBC_SHA
- oracle.net.ssl_client_authentication = FALSE
- oracle.net.ssl_version = 1.2
- In the WebSphere Integrated Solutions Console navigation pane, set the classpath defined
to point to the following jdbc jar files.
- ojdbc8.jar
- oraclepki.jar
- osdt_cert.jar
- osdt.core.jar
- Under Class Loading, select the Use an isolated class loader for this shared
library check box, click Apply, and then click
Save.
- Update the java security file, uncomment the following line to allow AES 256
chipper.
- Restart the Web Application Server.