Adding an encryption profile on the command-line (UNIX and Linux)

You must create an encryption profile before or during the creation of an instance of the CDC Replication engine.

About this task

If you are configuring the first instance of CDC Replication after installation, you can proceed to Step 3 after you reach the Encryption profile selection.

Procedure

  1. At the command prompt, launch the configuration tool by issuing the following command: 
     /CDC_Replication_installation_directory/bin/dmconfigurets
  2. Type the number that corresponds with the Manage encryption profiles option and press Enter.
  3. To add a new encryption profile, type 1 and press Enter.
  4. Enter a unique profile name and press Enter.
    Note: If you name the profile "Default," then when you later export and import your replication configuration the import command automatically creates the encryption profile with the default settings, which specify no encryption. So if you name the profile "Default," you should use the default key stores and trust stores with no encryption.
  5. For Encryption, specify one of the following options:
    • Enabled: Encryption is enabled for the instance. TLS is used when Enabled or Required is specified on the other instance.
    • Disabled: Encryption is disabled for the instance. TLS is not supported. Unencrypted communication is supported when Enabled or Disabled is specified for the other instance.
    • Required Encryption is required to communicate with this instance. The other side must not specify Disabled or the connection will fail.
    • Always: TLS is always used without negotiation. The other side must also specify Always.

    You must specify Enabled or Required on both the source and target instances to use TLS encryption.

    To enable encryption, a private key store is required.

  6. Enter the path to the private keystore file and press Enter.
    A private keystore is not required unless engine-to-engine encryption is enabled, so the path can be left blank. You will not be prompted for a private key store password or a private key store type if you leave the path blank.
  7. Enter the password of the private keystore file and the keys that are contained within it and press Enter.
  8. Choose the keystore type of the private keystore file and press Enter.
  9. Enter the path to the trust store file and press Enter.
  10. Enter the password for the trust store file and press Enter.
  11. Choose the keystore type of the trust store file and press Enter.