Oracle Client for Encrypted Database Connections
Use this guide when switching the Oracle client to TCPS.
Step-by-step guide
- Make a wallet directory and add the cwallet.sso and ewallet.p12 files
- Copy access.xml and sqlnet.ora files to the client network/admin directory
- Update the database connection string (PROTOCOL=TCPS, PORT=2484, SERVICE_NAME=kfs40t_srv.uits.uconn.edu) in the tnsnames.ora file
- Copy oraclepki.jar, osdt_cert.jar, osdt_core.jar to the client lib directory
vi /usr/lib/jvm/jre/lib/security/java.security
security.provider.10=oracle.security.pki.OraclePKIProvider
cp /usr/lib/oracle/12.2/client64/lib/oraclepki.jar /usr/lib/jvm/jre/lib/ext
cp /usr/lib/oracle/12.2/client64/lib/osdt_cert.jar /usr/lib/jvm/jre/lib/ext
cp /usr/lib/oracle/12.2/client64/lib/osdt_core.jar /usr/lib/jvm/jre/lib/ext
vi /opt/tomcat-kfs/bin/setenv.sh
vi /opt/tomcat-rice/bin/setenv.sh
vi wrapper.ksh
#Oracle JDBC encryption with wallet
export CATALINA_OPTS="$CATALINA_OPTS -Doracle.net.tns_admin=/usr/lib/oracle/12.2/client64/network/admin/"
export CATALINA_OPTS="$CATALINA_OPTS -Doracle.net.wallet_location='(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/usr/lib/oracle/12.2/client64/wallet)))'"
vi /srv/uconn_configs/kfs-config/security/security.properties
vi /srv/uconn_configs/rice-config/rice-config.xml
--datasource.url=jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=YES)(FAILOVER=ON)(ADDRESS=(PROTOCOL=TCPS)(HOST=exa02-scan.uits.uconn.edu)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=kfs40t_srv.uits.uconn.edu)(FAILOVER_MODE=(TYPE=SELECT)(METHOD=BASIC)(RETRIES=20)(DELAY=5))))
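One way to verify the result of the steps above, as an added example that is not part of the original guide. The hypothetical `check_tcps_client` function confirms that both wallet files exist and are closed to group and other (an added hardening check, since `cwallet.sso` is an auto-login wallet), that no `PROTOCOL=TCP` address is left in the connection file, and that the `OraclePKIProvider` line is active in `java.security`; `demo` runs it against constructed stand-in files.

```shell
#!/bin/sh
# Added example (not from the original guide): checks for the TCPS client setup.
# check_tcps_client WALLET_DIR TNSNAMES_FILE JAVA_SECURITY_FILE
# Prints one line per finding; the return code is the number of findings.
check_tcps_client() {
    wallet_dir=$1; tnsnames=$2; java_security=$3; findings=0
    for f in cwallet.sso ewallet.p12; do
        if [ ! -f "$wallet_dir/$f" ]; then
            echo "MISSING: $wallet_dir/$f"; findings=$((findings + 1)); continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        # cwallet.sso is an auto-login wallet: whoever can read it can use it.
        perms=$(ls -ld "$wallet_dir/$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERMS: $wallet_dir/$f open to group/other ($perms)"
            findings=$((findings + 1))
        fi
    done
    # A leftover PROTOCOL=TCP address would still connect unencrypted.
    if grep -Eiq 'PROTOCOL[[:space:]]*=[[:space:]]*TCP[[:space:]]*\)' "$tnsnames"; then
        echo "PLAINTEXT: $tnsnames has a PROTOCOL=TCP address"
        findings=$((findings + 1))
    fi
    if ! grep -Eiq 'PROTOCOL[[:space:]]*=[[:space:]]*TCPS[[:space:]]*\)' "$tnsnames"; then
        echo "NO-TCPS: $tnsnames has no PROTOCOL=TCPS address"
        findings=$((findings + 1))
    fi
    # The provider line must be present and not commented out.
    if ! grep -Eq '^security\.provider\.[0-9]+=oracle\.security\.pki\.OraclePKIProvider' "$java_security"; then
        echo "PROVIDER: OraclePKIProvider not registered in $java_security"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files (empty stand-ins, not real wallets) to exercise the checks.
demo() {
    d=$(mktemp -d)
    : > "$d/cwallet.sso"; : > "$d/ewallet.p12"
    chmod 600 "$d/cwallet.sso"; chmod 644 "$d/ewallet.p12"   # second file is deliberately too open
    echo '(ADDRESS=(PROTOCOL=TCPS)(HOST=db.example.test)(PORT=2484))' > "$d/tnsnames.ora"
    echo 'security.provider.10=oracle.security.pki.OraclePKIProvider' > "$d/java.security"
    demo_rc=0
    check_tcps_client "$d" "$d/tnsnames.ora" "$d/java.security" || demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}
```

On a client configured as in this guide, the arguments would be /usr/lib/oracle/12.2/client64/wallet, the tnsnames.ora under /usr/lib/oracle/12.2/client64/network/admin/, and /usr/lib/jvm/jre/lib/security/java.security.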