Preparing for an SSL connection with Oracle database server

You need to prepare your environment before you set up an SSL connection between the Content Engine and the Oracle database server.

Before you begin

You need to configure an SSL connection with the Oracle database server from the WebSphere® Application Server console. For more information, see the topic Configuring an SSL connection with your database server.

About this task

If you want to use an SSL connection with your database, you must import the SSL certificate from the database server into the CPE client machine. You can configure an SSL-enabled connection to GCD and object store databases that use Oracle database server.

Procedure

Follow the steps to configure SSL communication between Content Platform Engine and Oracle database server in a WebSphere Application Server environment:

  1. Enable an SSL connection for your Oracle database server.
    1. Obtain the certificate from a trusted authority or create a self-signed certificate.
  2. In the Content Platform Engine client machine, install the certificate file that you downloaded from the Oracle database server in a folder of your choice.
  3. Download the following files from the Oracle database server location ($ORACLE_HOME/jlib):
    oraclepki.jar
    osdt_cert.jar
    osdt_core.jar
  4. Copy the downloaded JAR files to the location specified in the WebSphere Application Server environment variable (ORACLE_JDBC_DRIVER_PATH).
  5. Add the following command to the WebSphere Application Server JRE file (<WAS_HOME>/java/jre/lib/security/java.security):
    security.provider.11=oracle.security.pki.OraclePKIProvider 
  6. Create a truststore and import the full path of the certificate into the truststore. You can use Custom JKS/PKCS12 truststore to import the full path of the certificate.

    For example, you can use the following command to import the certificate into the truststore:

    keytool -importcert -noprompt -keystore <file_name>.p12 -storetype pkcs12 -storepass <password> -alias <alias_of_certificate_file> -file <full_path_of_oracle_db_cert_file> 

What to do next

You can now configure the Content Platform Engine GCD and object store data sources to use SSL connection with the Oracle database server.