Establishing a TLS 1.2 encrypted JDBC connection to an external Oracle database

Article ID: 212632

Products

CA API Gateway

Issue/Introduction

The documentation for establishing an external JDBC connection is at:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/11-0/security-configuration-in-policy-manager/tasks-menu-security-options/manage-jdbc-connections/set-jdbc-connection-properties.html

However, the instructions do not provide the following information needed to establish a TLS 1.2 encrypted JDBC connection to an external Oracle database:

1. Where to specify the trust store properties, i.e., location, type, and password.

2. How to create a trust store on the API Gateway server so that the external Oracle database certificate can be imported into it.

3. The JDBC URL connection string format for establishing a TLS 1.2 encrypted connection to an external Oracle database.

Environment

Release : 9.4 , 10.x, 11.x

Component : APIGTW

Resolution

The parameter requirements for the Oracle JDBC thin driver and the Progress JDBC driver are different.

At a minimum, the Oracle JDBC thin driver has no equivalent parameters for the following two:

HostNameInCertificate
PortNumber

1. How to configure SSL using the Oracle thin driver

Example:

Connection Name : OAuth

Driver Class = oracle.jdbc.OracleDriver

JDBC URL = jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<HostName>)(PORT=<Port>))(CONNECT_DATA=(SERVICE_NAME=<ServiceName>)))

Additional Properties :

javax.net.ssl.trustStore=/opt/SecureSpan/Gateway/runtime/lib/ext/trustStore.jks

javax.net.ssl.trustStorePassword=<Password>

javax.net.ssl.trustStoreType=JKS

Note: The Oracle JDBC thin driver and the Progress JDBC driver are different.

2. How to configure SSL using the Progress driver (the DataConnector used by the l7tech Gateway)

Example:

Connection Name : OAuth
Driver Class: com.l7tech.jdbc.oracle.OracleDriver
JDBC URL: jdbc:l7tech:oracle://Host:Port;databasename=DBName

Additional Properties added from the JDBC Connection Properties config window:

CryptoProtocolVersion=TLSv1.2
EnableCancelTimeout=true
EncryptionMethod=SSL
EncryptionType=AES256
HostNameInCertificate=<example.net>
PortNumber=<Port>
TrustStore=/opt/SecureSpan/Gateway/runtime/lib/ext/trustStore.jks
TrustStorePassword=<Password>
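
Both configurations above point at a trustStore.jks file that must already contain the database certificate. The following is an added example, not part of the original article or of the Gateway's own tooling: shell functions that compare the certificate's SHA-256 fingerprint with a value obtained out-of-band from the DBA and only then import it into a JKS trust store with keytool. It assumes keytool is on the PATH; the function names, the oracle-db alias and the TRUSTSTORE_PASS variable are hypothetical.

```shell
#!/bin/sh
# Added example: build the JKS trust store referenced by the connection properties.
# Assumptions: keytool is on PATH; the database certificate is available as a
# PEM file and its SHA-256 fingerprint was supplied over a separate channel.

# Print the SHA-256 fingerprint (AA:BB:...) of a certificate file.
cert_sha256() {
    keytool -printcert -file "$1" | awk '/SHA256:/ { print $2; exit }'
}

# import_db_cert <cert.pem> <expected-sha256> <truststore.jks> <alias>
# The store password is read from the exported TRUSTSTORE_PASS variable so it
# does not appear in the process list or in shell history.
import_db_cert() {
    cert=$1; expected=$2; store=$3; entry=$4
    [ -n "${TRUSTSTORE_PASS:-}" ] || { echo "export TRUSTSTORE_PASS first" >&2; return 2; }

    actual=$(cert_sha256 "$cert" | tr 'a-f' 'A-F')
    expected=$(printf '%s' "$expected" | tr 'a-f' 'A-F')
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch, certificate not imported" >&2
        return 1
    fi

    # keytool creates the store if it does not exist yet. -noprompt is
    # acceptable here only because the fingerprint was checked above.
    keytool -importcert -noprompt -alias "$entry" -file "$cert" \
        -keystore "$store" -storetype JKS \
        -storepass:env TRUSTSTORE_PASS >/dev/null || return 1

    # Restrict access; ownership must still let the Gateway process read the
    # file (the account name depends on the installation).
    chmod 640 "$store"
}

# truststore_has_alias <truststore.jks> <alias>: succeeds if the entry exists.
truststore_has_alias() {
    keytool -list -keystore "$1" -storetype JKS \
        -storepass:env TRUSTSTORE_PASS -alias "$2" >/dev/null 2>&1
}

# Usage (values are placeholders):
#   export TRUSTSTORE_PASS='<Password>'
#   import_db_cert oracle-db.pem '<SHA-256 fingerprint>' \
#       /opt/SecureSpan/Gateway/runtime/lib/ext/trustStore.jks oracle-db
```

The same password then goes into javax.net.ssl.trustStorePassword (Oracle thin driver) or TrustStorePassword (Progress driver).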



Additional Information

References:

The above is based on the connection properties used by the Gateway's jdbc:l7tech:oracle: driver:

https://docs.progress.com/bundle/datadirect-oracle-jdbc-60/page/Connection-property-descriptions.html

https://docs.oracle.com/cd/E11882_01/appdev.112/e13995/oracle/jdbc/OracleDriver.html