Configuring Sterling B2B Integrator for data traffic encryption with SSL authentication in Oracle

You can enable data traffic encryption and SSL authentication.

This procedure is applicable if you are running Sterling B2B Integrator on a system that requires either Sun JDK or IBM® JDK.

The example in this procedure uses two-way SSL authentication. It is recommended to follow the instructions in the "CASE #2: USE SSL FOR ENCRYPTION AND SERVER AUTHENTICATION" section of the Oracle documentation.

You can also configure one-way SSL authentication. If you want to use SSL for encryption and for server authentication of both tiers, it is recommended to follow the instructions in the "CASE #3: USE SSL FOR ENCRYPTION AND AUTHENTICATION OF BOTH TIERS" section of the Oracle documentation. For more information about one-way SSL authentication, see "SSL With Oracle JDBC Thin Driver" in the Oracle documentation.

If your installation of Sterling B2B Integrator is a cluster installation, you need to perform this procedure on each node, starting with node 1.

Important: If you are using Oracle SSL authentication, you cannot install or upgrade Sterling B2B Integrator. You must roll back the SSL configuration to a Standard Oracle database connection before you install or upgrade Sterling B2B Integrator. This includes applying a Fix Pack or an iFix for Sterling B2B Integrator.

To configure Sterling B2B Integrator for data traffic encryption with SSL authentication in Oracle:

  1. Install Sterling B2B Integrator in TCP (clear) mode.
  2. Stop Sterling B2B Integrator.
  3. Open the /install_dir/install/properties directory.
  4. Open the customer_overrides.properties file and add the following database connection information:
    jdbcService.oraclePool.prop_javax.net.ssl.trustStore=/…/path/…/ClientKeyStore.jks
    jdbcService.oraclePool.prop_javax.net.ssl.trustStoreType=JKS
    jdbcService.oraclePool.prop_javax.net.ssl.trustStorePassword=password
    jdbcService.oraclePool.prop_oracle.net.ssl_version=3.0
    jdbcService.oraclePool.prop_javax.net.ssl.keyStore=/…/path/…/ClientKeyStore.jks
    jdbcService.oraclePool.prop_javax.net.ssl.keyStoreType=JKS
    jdbcService.oraclePool.prop_javax.net.ssl.keyStorePassword=password
  5. Repeat step 4 for the following Oracle connection pools by changing only the pool name:
    • oraclePool_local
    • oraclePool_NoTrans
    • oracleArchivePool
    • oracleUIPool
    If you have any other database pools, you need to add the properties for those pools.
  6. Open the sandbox.cfg file and change the database connection information to the following value:
    ORACLE_JDBC_URL=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<DB host>)(PORT=<TCPS port as configured in DB config section above>))(CONNECT_DATA=(SERVICE_NAME=<service name>)))
  7. Open the /install_dir/install/activemq/conf directory.
  8. Open the activemqconfig.xml.in file and modify the database connection information:
    • Remove or comment out the following default ActiveMQ database configuration information:
      
      #:ifdef ORACLE
      <bean id="gis-ds" class="org.apache.commons.dbcp.BasicDataSource"
         destroy-method="close" singleton="true" lazy-init="default"
         autowire="default" dependency-check="default" 
      		SCIOverrideName="persistence-bean">
      <property name="driverClassName">
      <value>oracle.jdbc.driver.OracleDriver</value>
      </property>
      <property name="url">
      #:ifdef ORACLE_JDBC_URL
      <value>&ORACLE_JDBC_URL;</value>
      #:else
      <value>jdbc:oracle:thin:@&ORA_HOST;:&ORA_PORT;:&ORA_DATA;</value>
      #:endif
      </property>
      <property name="username">
      <value>&ORA_USER;</value>
      </property>
      <property name="password"><value>&ORA_PASS;</value>
      </property>
      <property name="maxActive"><value>32</value>
      </property>
      </bean>
      #:endif
       
    • Add the following ActiveMQ database configuration information:
      
      <bean id="gis-ds"
      class="oracle.jdbc.pool.OracleDataSource" destroy-method="close"
      singleton="true" lazy-init="default" autowire="default"
      dependency-check="default">
      <property name="URL"><value>&ORACLE_JDBC_URL;</value></property>
      <property name="user"><value>&ORA_USER;</value></property>
      <property name="password"><value>&ORA_PASS;</value></property>
      <property name="connectionProperties"><value>
      javax.net.ssl.trustStore: /…/path/…/ClientKeyStore.jks
      javax.net.ssl.trustStoreType:JKS
      javax.net.ssl.trustStorePassword:password
      oracle.net.ssl_version:3.0
      javax.net.ssl.keyStore: /…/path/…/ClientKeyStore.jks
      javax.net.ssl.keyStoreType:JKS
      javax.net.ssl.keyStorePassword: password
      driverClassName:oracle.jdbc.driver.OracleDriver
      maxActive:32
      </value>
      </property>
      </bean>
      
  9. Enter the command ./setupfiles.sh.
  10. Restart Sterling B2B Integrator.
    All database connections from Sterling B2B Integrator now use TCPS (encrypted) mode.
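
A pre-restart check for steps 4 to 6, added here as an example and not part of the IBM procedure or product: it confirms that every pool named in steps 4 and 5 carries all seven SSL properties with the same values, and that `ORACLE_JDBC_URL` in sandbox.cfg uses `PROTOCOL=tcps`. It also reports `oracle.net.ssl_version=3.0` for review, because that value selects SSL 3.0, which RFC 7568 deprecates. The function names, sample path, host, service name and passwords are constructed for illustration.

```python
import re

# Pool names (steps 4-5) and property suffixes (step 4) as listed in the procedure.
POOLS = ["oraclePool", "oraclePool_local", "oraclePool_NoTrans",
         "oracleArchivePool", "oracleUIPool"]
SUFFIXES = ["javax.net.ssl.trustStore", "javax.net.ssl.trustStoreType",
            "javax.net.ssl.trustStorePassword", "oracle.net.ssl_version",
            "javax.net.ssl.keyStore", "javax.net.ssl.keyStoreType",
            "javax.net.ssl.keyStorePassword"]

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(overrides_text, sandbox_text, pools=POOLS):
    """Return a list of findings; an empty list means every check passed."""
    props, findings = parse_properties(overrides_text), []
    for pool in pools:
        for suffix in SUFFIXES:
            value = props.get(f"jdbcService.{pool}.prop_{suffix}")
            base = props.get(f"jdbcService.{pools[0]}.prop_{suffix}")
            if value is None:
                findings.append(f"{pool}: missing {suffix}")
            elif value != base:  # step 5 changes only the pool name
                findings.append(f"{pool}: {suffix} differs from {pools[0]}")
            elif suffix == "oracle.net.ssl_version" and value == "3.0":
                findings.append(f"{pool}: ssl_version 3.0 is SSL 3.0 (RFC 7568)")
    url = parse_properties(sandbox_text).get("ORACLE_JDBC_URL", "")
    if not re.search(r"\(PROTOCOL\s*=\s*tcps\)", url, re.IGNORECASE):
        findings.append("sandbox.cfg: ORACLE_JDBC_URL is not PROTOCOL=tcps")
    return findings

def sample_overrides(pools, ssl_version):
    """Constructed sample text; the path and passwords are made up."""
    values = ["/constructed/ClientKeyStore.jks", "JKS", "constructed-pw-1",
              ssl_version, "/constructed/ClientKeyStore.jks", "JKS", "constructed-pw-2"]
    return "\n".join(f"jdbcService.{p}.prop_{s}={v}"
                     for p in pools for s, v in zip(SUFFIXES, values))

# Constructed sandbox.cfg line that still points at the clear-text listener.
SAMPLE_SANDBOX = "ORACLE_JDBC_URL=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db.example.test)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=b2bi)))"

if __name__ == "__main__":
    print("\n".join(audit(sample_overrides(POOLS[:4], "3.0"), SAMPLE_SANDBOX)))
```

On the constructed sample, which omits oracleUIPool and leaves the URL on `tcp`, the script prints twelve findings. Run against the real files, it should print nothing before you continue with step 9.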