Adding an encryption profile with the graphical user interface
You must create an encryption profile before or during the creation of an instance of the CDC Replication engine.
Procedure
- At the command prompt, launch the configuration tool by issuing one of the following commands:
  - Windows: \CDC_Replication_installation_directory\bin\dmconfigurets.exe
  - Linux, UNIX: /CDC_Replication_installation_directory/bin/dmconfigurets
- In the Encryption Profiles area, click Manage and then click Add.
- On the Encryption Profile window, specify a unique profile name.
  Note: If you name the profile "Default", then when you later export and import your replication configuration, the import command automatically creates the encryption profile with the default settings, which specify no encryption. So if you name the profile "Default", you should use the default key stores and trust stores with no encryption.
- In the Engine-to-Engine Communication area, under Encryption, select one of the following options:
  - Enabled: Encryption is enabled for the instance. TLS is used when Enabled or Required is specified on the other instance.
  - Disabled: Encryption is disabled for the instance. TLS is not supported. Unencrypted communication is supported when Enabled or Disabled is specified for the other instance.
  - Required: Encryption is required to communicate with this instance. The other side must not specify Disabled or the connection will fail.
  - Always: TLS is always used without negotiation. The other side must also specify Always.
  You must specify Enabled or Required on both the source and target instances to use TLS encryption.
  To enable encryption, the Private Key Store area is required.
- Configure the following options in the Private Key Store area:
  - Path: Enter the location of a private keystore file or click Browse to select a file.
  - Password: Enter the password for the private keystore file and the private keys that it contains.
  - Type: Select the keystore type of the private keystore file.
  A private key store is not required unless engine-to-engine encryption is enabled, so you can leave the path and password fields blank if you choose to disable engine-to-engine encryption.
- In the Trust Store area, configure the following options:
  - Path: Enter the location of a trust store file or click Browse to select a file.
  - Password: Enter the password for the trust store file.
  - Type: Select the keystore type of the trust store file.
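The four Engine-to-Engine Communication settings described in the procedure decide, pair by pair, whether a source/target connection uses TLS, runs unencrypted, or fails. The following added example (not IBM code) models those rules and audits a constructed list of instance pairs; the link names and finding labels are hypothetical, and an Always setting paired with anything other than Always is assumed to fail.

```python
from enum import Enum

class Mode(Enum):
    ENABLED = "Enabled"
    DISABLED = "Disabled"
    REQUIRED = "Required"
    ALWAYS = "Always"

def negotiate(source: Mode, target: Mode) -> str:
    """Return 'tls', 'plaintext' or 'fail' for a source/target pair."""
    pair = {source, target}
    if Mode.ALWAYS in pair:
        # Always skips negotiation, so the other side must also be Always.
        # Assumption: any other pairing is treated as a failed connection.
        return "tls" if pair == {Mode.ALWAYS} else "fail"
    if Mode.DISABLED in pair:
        # Required refuses a Disabled peer; Enabled and Disabled accept it.
        return "fail" if Mode.REQUIRED in pair else "plaintext"
    return "tls"  # only Enabled and Required remain

def audit(links):
    """Return (name, finding) for every link that is not firmly on TLS."""
    findings = []
    for name, src, tgt in links:
        result = negotiate(src, tgt)
        if result != "tls":
            findings.append((name, result))
        elif Mode.ENABLED in (src, tgt):
            # An Enabled side also accepts a Disabled peer, so TLS here
            # depends on the other side's setting staying as it is.
            findings.append((name, "tls-not-enforced"))
    return findings

# Constructed sample inventory: (link name, source mode, target mode)
SAMPLE_LINKS = [
    ("orders", Mode.REQUIRED, Mode.REQUIRED),
    ("billing", Mode.ENABLED, Mode.DISABLED),
    ("hr", Mode.REQUIRED, Mode.DISABLED),
    ("audit", Mode.ALWAYS, Mode.ALWAYS),
    ("legacy", Mode.ENABLED, Mode.REQUIRED),
    ("dr", Mode.ALWAYS, Mode.REQUIRED),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_LINKS):
        print(f"{name}: {finding}")
```

The "billing" pair is the case to watch for: Enabled on one side and Disabled on the other connects without error and without encryption.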