Setting up a secure Oracle database connection for WebSphere Application Server

In this section, you learn how to set up a secure connection using an Oracle database.

About this task

To set up a secure connection using an Oracle database, you must add the javax.net.ssl.trustStore custom property. This system property specifies where to find certain configuration files. The custom property uses a URL rather than a simple path, so specify the value as a file-style URL: file:///file_path. Make sure the database server is configured to allow SSL connections, and that the DBA has a valid ewallet file ready. By default, the ewallet file is created in pkcs12 format; it must be converted to jks format using the orapki (Oracle wallet) tool with the pkcs12_to_jks option. Copy the ewallet file to the server where the Engineering Lifecycle Management application is installed.

Procedure

  1. Under Java Virtual Machine > Additional Properties, click Custom properties.
    Remember: You must use three forward slashes (///) after file:
    Important: In a distributed environment, when you are using a separate application server for each web application, you must add these custom properties for each instance of the WebSphere® Application Server.
  2. Click New, enter javax.net.ssl.trustStore in the Name field, and enter file:///JazzInstallDir\path\ewallet.jks in the Value field. Substitute JazzInstallDir with the location of the Jazz® Team Server installation directory. For example, enter file:///C:/PROGRA~1/IBM/JazzTeamServer/server/conf on Windows or enter file:///home/user/IBM/JazzTeamServer/server/conf on UNIX systems.
    Note: To avoid problems, do not use spaces in file paths. For the Program Files directory you can use PROGRA~1, and for the Program Files (x86) directory, you can use PROGRA~2.
  3. Click OK.
  4. Add the following properties to enable SSL database connection with Oracle:
    • javax.net.ssl.trustStoreType = JKS
    • javax.net.ssl.trustStorePassword = myPassword
    • oracle.net.ssl_cipher_suites = SSL_RSA_WITH_AES_256_CBC_SHA
    • oracle.net.ssl_client_authentication = FALSE
    • oracle.net.ssl_version = 1.2
  5. In the WebSphere Integrated Solutions Console navigation pane, set the classpath to point to the following JDBC JAR files:
    • ojdbc8.jar
    • oraclepki.jar
    • osdt_cert.jar
    • osdt_core.jar
  6. Under Class Loading, select the Use an isolated class loader for this shared library check box, click Apply, and then click Save.
  7. Update the Java security file: uncomment the following line to allow the AES 256 cipher.
    • #crypto.policy=unlimited
  8. Restart the Web Application Server.
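
A pre-restart check for the settings in this procedure, as an added example that is not part of the original IBM documentation: it lints a set of JVM custom properties against the rules above (three-slash file URL, no spaces, the step 4 values) and confirms that the crypto.policy line is uncommented. The function names and sample values are constructed for illustration, and treating myPassword as an unreplaced placeholder is an assumption.

```python
import re

# Values listed in step 4 of the procedure.
EXPECTED = {
    "javax.net.ssl.trustStoreType": "JKS",
    "oracle.net.ssl_cipher_suites": "SSL_RSA_WITH_AES_256_CBC_SHA",
    "oracle.net.ssl_client_authentication": "FALSE",
    "oracle.net.ssl_version": "1.2",
}

def lint_jvm_properties(props):
    """Return a list of findings for a dict of JVM custom properties."""
    findings = []
    url = props.get("javax.net.ssl.trustStore")
    if url is None:
        findings.append("javax.net.ssl.trustStore is not set")
    else:
        if not url.startswith("file:///"):
            findings.append("trustStore must be a file:/// URL (three slashes)")
        if " " in url:
            findings.append("trustStore path contains a space")
    for name, want in EXPECTED.items():
        got = props.get(name)
        if got != want:
            findings.append(f"{name} is {got!r}, expected {want!r}")
    pw = props.get("javax.net.ssl.trustStorePassword")
    if not pw or pw == "myPassword":  # assumption: "myPassword" is the page's placeholder
        findings.append("trustStorePassword is unset or still the documentation placeholder")
    return findings

def crypto_policy_unlimited(java_security_text):
    """True if an uncommented crypto.policy=unlimited line is present (step 7)."""
    return re.search(r"^\s*crypto\.policy\s*=\s*unlimited\s*$",
                     java_security_text, re.MULTILINE) is not None

# Constructed sample input, not taken from a real server.
SAMPLE_BAD = {
    "javax.net.ssl.trustStore": "file://C:/Program Files/IBM/JazzTeamServer/server/conf/ewallet.jks",
    "javax.net.ssl.trustStoreType": "JKS",
    "javax.net.ssl.trustStorePassword": "myPassword",
    "oracle.net.ssl_client_authentication": "FALSE",
    "oracle.net.ssl_version": "1.2",
}

if __name__ == "__main__":
    for finding in lint_jvm_properties(SAMPLE_BAD):
        print("FINDING:", finding)
    print("crypto.policy enabled:", crypto_policy_unlimited("#crypto.policy=unlimited\n"))
```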