Tomcat Configuration for Encrypted Database Connections

Use when configuring Tomcat to use encrypted database connections over TCPS.

Step-by-step guide

  1. Add the oracle.security.pki.OraclePKIProvider provider to the java.security file.
  2. Copy oraclepki.jar, osdt_cert.jar and osdt_core.jar to the /usr/lib/jvm/jre/lib/ext directory.
  3. Update the Tomcat environment variables.
  4. Update the database connection string to use PROTOCOL=TCPS, PORT=2484, SERVICE_NAME=kfs40t_srv.uits.uconn.edu.


vi /usr/lib/jvm/jre/lib/security/java.security
security.provider.10=oracle.security.pki.OraclePKIProvider

cp /usr/lib/oracle/12.2/client64/lib/oraclepki.jar /usr/lib/jvm/jre/lib/ext
cp /usr/lib/oracle/12.2/client64/lib/osdt_cert.jar /usr/lib/jvm/jre/lib/ext
cp /usr/lib/oracle/12.2/client64/lib/osdt_core.jar /usr/lib/jvm/jre/lib/ext


vi /opt/tomcat-kfs/bin/setenv.sh
vi /opt/tomcat-rice/bin/setenv.sh
vi wrapper.ksh

#Oracle JDBC encryption with wallet
export CATALINA_OPTS="$CATALINA_OPTS -Doracle.net.tns_admin=/usr/lib/oracle/12.2/client64/network/admin/"
export CATALINA_OPTS="$CATALINA_OPTS -Doracle.net.wallet_location='(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/usr/lib/oracle/12.2/client64/wallet)))'"



vi /srv/uconn_configs/kfs-config/security/security.properties
vi /srv/uconn_configs/rice-config/rice-config.xml
--datasource.url=jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=YES)(FAILOVER=ON)(ADDRESS=(PROTOCOL=TCPS)(HOST=exa02-scan.uits.uconn.edu)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=kfs40t_srv.uits.uconn.edu)(FAILOVER_MODE=(TYPE=SELECT)(METHOD=BASIC)(RETRIES=20)(DELAY=5))))
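
A post-change check for the four steps above, as an added example that is not part of the original guide. The function names are hypothetical and every file path is passed in as an argument; the provider check also flags a duplicated or skipped security.provider index, which matters when the index is hard-coded.

```shell
#!/bin/sh
# Added example: checks for the four steps of this guide. File paths are arguments.

# Step 1: the provider is on an active security.provider.N line, and the N values
# are unique and run 1..max with no gap (the JDK stops reading the list at the
# first missing index; a reused index replaces the earlier provider).
check_provider() {
    grep -Eq '^security\.provider\.[0-9]+=oracle\.security\.pki\.OraclePKIProvider[[:space:]]*$' "$1" ||
        { echo "FAIL: OraclePKIProvider not registered in $1"; return 1; }
    sed -n 's/^security\.provider\.\([0-9][0-9]*\)=.*/\1/p' "$1" | sort -n |
        awk '$1 != NR { print "FAIL: provider index " $1 " where " NR " expected"; bad = 1; exit }
             END { exit bad + 0 }'
}

# Step 2: all three Oracle PKI jars are readable in the extension directory.
check_jars() {
    for jar in oraclepki.jar osdt_cert.jar osdt_core.jar; do
        [ -r "$1/$jar" ] || { echo "FAIL: $1/$jar missing or unreadable"; return 1; }
    done
}

# Step 3: both JVM options appear on a non-comment line of setenv.sh.
check_setenv() {
    for opt in -Doracle.net.tns_admin= -Doracle.net.wallet_location=; do
        grep -v '^[[:space:]]*#' "$1" | grep -qF -- "$opt" ||
            { echo "FAIL: $opt not set in $1"; return 1; }
    done
}

# Step 4: the thin-driver URLs include a TCPS address and none still lists plain TCP.
check_url() {
    urls=$(grep 'jdbc:oracle:thin:@' "$1") ||
        { echo "FAIL: no Oracle thin URL in $1"; return 1; }
    if printf '%s\n' "$urls" | grep -iq '(PROTOCOL=TCP)'; then
        echo "FAIL: unencrypted PROTOCOL=TCP address in $1"; return 1
    fi
    printf '%s\n' "$urls" | grep -iq '(PROTOCOL=TCPS)' ||
        { echo "FAIL: no PROTOCOL=TCPS address in $1"; return 1; }
}

# verify_tcps_setup JAVA_SECURITY EXT_DIR SETENV_SH CONFIG_FILE
verify_tcps_setup() {
    check_provider "$1" && check_jars "$2" && check_setenv "$3" && check_url "$4" &&
        echo "OK: TCPS configuration checks passed"
}
```

Source the file and call verify_tcps_setup with the java.security file, the ext directory, a setenv.sh and the properties file that holds datasource.url. It inspects file contents only and does not confirm that the TLS handshake to the listener succeeds.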