This article explains how to configure JDBC Connection shared resource in TIBCO ActiveMatrix BusinessWorks™ 5 to connect to Oracle database server over TLS.
Oracle JDBC driver - ojdbc8.jar
JDBC Driver
Select the following driver from the Select driver dropdown.
oracle.jdbc.driver.OracleDriver (thin)
Database URL
To connect over TLS with mutual authentication, specify the URL as follows -
jdbc:oracle:thin:@tcps://host:port/service?wallet_location=path_to_wallet_directory
For example, jdbc:oracle:thin:@tcps://dbserver:2484/orcl19.tibco.com?wallet_location=D:/PKI/wallet
- wallet_location - Path to the directory where the wallet file containing the trusted certificates, client’s certificate and client’s private key is present.
Note - When using Oracle wallet file, make sure that the JAR files oraclepki.jar, osdt_core.jar and osdt_cert.jar are in designer/bwengine classpath.
TIBCO Database Driver Supplement Software (TDDS) - TIOracle.jar
JDBC Driver
Select the following driver from the Select driver dropdown.
tibcosoftwareinc.jdbc.oracle.OracleDriver
Database URL
To connect over TLS with mutual authentication, specify the URL as follows -
jdbc:tibcosoftwareinc:oracle://host:port;SID=sid;EncryptionMethod=ssl;TrustStore=path_to_wallet_file
For example, jdbc:tibcosoftwareinc:oracle://dbserver:2484;SID=orcl19;EncryptionMethod=ssl;TrustStore=D:/PKI/wallet/cwallet.sso
- encryptionMethod - Set this property to SSL to enable TLS
- trustStore - Path to the wallet file containing the trusted certificates, client’s certificate and client’s private key
With TDDS driver, it is also possible to specify JKS-format keystore and truststore files using connection properties.
jdbc:tibcosoftwareinc:oracle://host:port;SID=sid;EncryptionMethod=ssl;TrustStore=path_to_truststore_file;TrustStorePassword=truststore_password;KeyStore=path_to_keystore_file;KeyStorePassword=keystore_password
For example, jdbc:tibcosoftwareinc:oracle://dbserver:2484;SID=orcl19;EncryptionMethod=ssl;TrustStore=D:/PKI/clienttrust.jks;TrustStorePassword=password;KeyStore=D:/PKI/clientkey.jks;KeyStorePassword=password
- TrustStore - Path to the truststore file containing trusted certificates
- TrustStorePassword - Truststore password
- KeyStore - Path to the keystore file containing client’s certificate and private key
- KeyStorePassword - Keystore password
Using system properties to specify wallet or keystore/truststore files
The system properties javax.net.ssl.trustStore and javax.net.ssl.keyStore may be used to specify wallet or keystore and truststore files. A wallet file or JKS-format keystore may be used. When using these system properties, specify the URL as follows -
Oracle JDBC driver
jdbc:oracle:thin:@tcps://host:port/service
TDDS driver
jdbc:tibcosoftwareinc:oracle://host:port;SID=sid;EncryptionMethod=ssl
Add the following properties to designer.tra/bwengine.tra
Wallet
java.property.javax.net.ssl.trustStore=path_to_wallet_file
java.property.javax.net.ssl.trustStoreType=SSO
java.property.javax.net.ssl.keyStore=path_to_wallet_file
java.property.javax.net.ssl.keyStoreType=SSO
For example,
java.property.javax.net.ssl.trustStore=D:/PKI/wallet/cwallet.sso
java.property.javax.net.ssl.trustStoreType=SSO
java.property.javax.net.ssl.keyStore=D:/PKI/wallet/cwallet.sso
java.property.javax.net.ssl.keyStoreType=SSO
JKS-format keystore
java.property.javax.net.ssl.trustStore=path_to_truststore_file
java.property.javax.net.ssl.trustStorePassword=truststore_password
java.property.javax.net.ssl.keyStore=path_to_keystore_file
java.property.javax.net.ssl.keyStorePassword=keystore_password
For example,
java.property.javax.net.ssl.trustStore=D:/PKI/clienttrust.jks
java.property.javax.net.ssl.trustStorePassword=password
java.property.javax.net.ssl.keyStore=D:/PKI/clientkey.jks
java.property.javax.net.ssl.keyStorePassword=password
Certificate-based authentication
If the Oracle database server is configured to support TCPS authentication, the driver can authenticate to the database using a certificate.
Note - When authenticating using a certificate, do not specify User Name and Password in JDBC Connection shared resource configuration.
To use certificate-based authentication with Oracle JDBC driver, add the following property to designer.tra/bwengine.tra
java.property.oracle.net.authentication_services=(TCPS)
With the TDDS driver, set the property AuthenticationMethod to SSL as shown below.
jdbc:tibcosoftwareinc:oracle://host:port;SID=sid;EncryptionMethod=ssl;AuthenticationMethod=ssl;TrustStore=path_to_wallet_file
References
Oracle database server - TLS configuration
Oracle JDBC driver - TLS configuration and properties
TDDS driver - TLS configuration and properties
https://docs.progress.com/bundle/datadirect-oracle-jdbc-60/page/Data-encryption.html
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now