Jump to content
The TIBCO Platform is a real-time, composable data platform that will bring together an evolving set of your TIBCO solutions - and it's available now! See more information here

  • Configuring TIBCO ActiveMatrix BusinessWorks™ 5 to connect to Oracle database server over TLS

    Kurian Kuruvilla

    By Kurian Kuruvilla

     Share

    This article explains how to configure JDBC Connection shared resource in TIBCO ActiveMatrix BusinessWorks™ 5 to connect to Oracle database server over TLS.

    Oracle JDBC driver - ojdbc8.jar

    JDBC Driver

    Select the following driver from the Select driver dropdown. 

    oracle.jdbc.driver.OracleDriver (thin)

    Database URL

    To connect over TLS with mutual authentication, specify the URL as follows -      

    jdbc:oracle:thin:@tcps://host:port/service?wallet_location=path_to_wallet_directory

For example, jdbc:oracle:thin:@tcps://dbserver:2484/orcl19.tibco.com?wallet_location=D:/PKI/wallet
    • wallet_location - Path to the directory where the wallet file containing the trusted certificates, client’s certificate and client’s private key is present.

    Note - When using Oracle wallet file, make sure that the JAR files oraclepki.jar, osdt_core.jar and osdt_cert.jar are in designer/bwengine classpath.

    TIBCO Database Driver Supplement Software (TDDS) - TIOracle.jar

    JDBC Driver

    Select the following driver from the Select driver dropdown. 

    tibcosoftwareinc.jdbc.oracle.OracleDriver

    Database URL

    To connect over TLS with mutual authentication, specify the URL as follows -  

    jdbc:tibcosoftwareinc:oracle://host:port;SID=sid;EncryptionMethod=ssl;TrustStore=path_to_wallet_file

For example, jdbc:tibcosoftwareinc:oracle://dbserver:2484;SID=orcl19;EncryptionMethod=ssl;TrustStore=D:/PKI/wallet/cwallet.sso
    • encryptionMethod - Set this property to SSL to enable TLS
    • trustStore - Path to the wallet file containing the trusted certificates, client’s certificate and client’s private key

    With TDDS driver, it is also possible to specify JKS-format keystore and truststore files using connection properties. 

    jdbc:tibcosoftwareinc:oracle://host:port;SID=sid;EncryptionMethod=ssl;TrustStore=path_to_truststore_file;TrustStorePassword=truststore_password;KeyStore=path_to_keystore_file;KeyStorePassword=keystore_password

For example, jdbc:tibcosoftwareinc:oracle://dbserver:2484;SID=orcl19;EncryptionMethod=ssl;TrustStore=D:/PKI/clienttrust.jks;TrustStorePassword=password;KeyStore=D:/PKI/clientkey.jks;KeyStorePassword=password
    • TrustStore - Path to the truststore file containing trusted certificates
    • TrustStorePassword - Truststore password
    • KeyStore - Path to the keystore file containing client’s certificate and private key
    • KeyStorePassword - Keystore password

    Using system properties to specify wallet or keystore/truststore files

    The system properties javax.net.ssl.trustStore and javax.net.ssl.keyStore may be used to specify wallet or keystore and truststore files. A wallet file or JKS-format keystore may be used. When using these system properties, specify the URL as follows -

    Oracle JDBC driver 

    jdbc:oracle:thin:@tcps://host:port/service

    TDDS driver 

    jdbc:tibcosoftwareinc:oracle://host:port;SID=sid;EncryptionMethod=ssl

    Add the following properties to designer.tra/bwengine.tra

    Wallet 

    java.property.javax.net.ssl.trustStore=path_to_wallet_file
java.property.javax.net.ssl.trustStoreType=SSO
java.property.javax.net.ssl.keyStore=path_to_wallet_file
java.property.javax.net.ssl.keyStoreType=SSO

For example,
java.property.javax.net.ssl.trustStore=D:/PKI/wallet/cwallet.sso
java.property.javax.net.ssl.trustStoreType=SSO
java.property.javax.net.ssl.keyStore=D:/PKI/wallet/cwallet.sso
java.property.javax.net.ssl.keyStoreType=SSO

    JKS-format keystore 

    java.property.javax.net.ssl.trustStore=path_to_truststore_file
java.property.javax.net.ssl.trustStorePassword=truststore_password
java.property.javax.net.ssl.keyStore=path_to_keystore_file
java.property.javax.net.ssl.keyStorePassword=keystore_password

For example,
java.property.javax.net.ssl.trustStore=D:/PKI/clienttrust.jks
java.property.javax.net.ssl.trustStorePassword=password
java.property.javax.net.ssl.keyStore=D:/PKI/clientkey.jks
java.property.javax.net.ssl.keyStorePassword=password

    Certificate-based authentication

    If the Oracle database server is configured to support TCPS authentication, the driver can authenticate to the database using a certificate. 

    Note - When authenticating using a certificate, do not specify User Name and Password in JDBC Connection shared resource configuration.

    To use certificate-based authentication with Oracle JDBC driver, add the following property to designer.tra/bwengine.tra 

    java.property.oracle.net.authentication_services=(TCPS)

    With the TDDS driver, set the property AuthenticationMethod to SSL as shown below.  

    jdbc:tibcosoftwareinc:oracle://host:port;SID=sid;EncryptionMethod=ssl;AuthenticationMethod=ssl;TrustStore=path_to_wallet_file

    References

    Oracle database server - TLS configuration

    https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/configuring-secure-sockets-layer-authentication.html#GUID-6AD89576-526F-4D6B-A539-ADF4B840819F

    Oracle JDBC driver - TLS configuration and properties

    https://docs.oracle.com/en/database/oracle/oracle-database/19/jjdbc/client-side-security.html#GUID-2BD2F189-A58C-4A85-8524-CFD9BB9AC575

    TDDS driver - TLS configuration and properties

    https://docs.progress.com/bundle/datadirect-oracle-jdbc-60/page/Data-encryption.html

     Share
    Go to articles

    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

© 2024 Cloud Software Group, Inc. All rights reserved.
×
×
  • Create New...