establishing TLS 1.2 encrypted JDBC connection to external Oracle database
search cancel

establishing TLS 1.2 encrypted JDBC connection to external Oracle database

book

Article ID: 212632

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

using the doc to  establish external JDBC connection at Set JDBC Connection Properties (broadcom.com).

However, the instructions do not provide the following information to establish TLS1.2 encrypted JDBC connection to external Oracle database:

1. The place to specify the trust store properties, i.e.,  location, type, and password.

2. How to create trust store on API Gateway server so that the external Oracle database certificate can be imported into the trust store?

3. The JDBC URL connection string format for establishing TLS 1.2 encrypted connection to external Oracle database

 

 

Environment

Release : 9.4 , 10

Component : APIGTW

Resolution

The parameters' requirements for Oracle JDBC thin driver and Progress JDBC driver are different.

At least there are no equivalent parameters for the following two on Oracle JDBC thin driver:

 

HostNameInCertificate
PortNumber

1. How to configure SSL configuration using Oracle Thin Driver Configuration 

example :

Connection Name : OAuth

Driver Class = Oracle.jdbc.OracleDriver

JDBC URL = jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=EC0123456)(PORT=16213))(CONNECT_DATA=(SERVICE_NAME=DAT060)))

Additional Properties :

javax.net.ssl.trustStore  =/opt/Secure/Span/Gateway/runtime/lib/ext/trustStore.jks

javax.net.ssl.trustStorePassword=Password123

javax.net.ssl.trustStoreType=JKS

 

Note  : Oracle JDBC thin driver and Progress JDBC driver are different

2. How to configure SSL configuration using Progress (DataConnector used by l7tech gateway)

example :

Connection Name : OAuth
Driver Class: com.l7tech.jdbc.oracle.OracleDriver 
JDB URL: jdbc:l7tech:oracle://EC0123:16213;databasename=DAT060  

Additional Properties added from JDBC Connection Properties config window :

CryptoProtocolVersion = TLSv1.2
EnableCancelTimeout=true
EncryptionMethod=SSL
EncryptionType=AES256
HostNameInCertificate=EC0123.domain.net
PortNumber=16213
TrustStore=/opt/SecureSpan/Gateway/runtime/lib/ext/trustStore.jks
TrustStorePassword=Password123



Additional Information

References:

The Above was used based on  Gateway jdbc:l7tech:oracle: uses the following connection properties :

https://docs.progress.com/bundle/datadirect-oracle-jdbc-60/page/Connection-property-descriptions.html

https://docs.oracle.com/cd/E11882_01/appdev.112/e13995/oracle/jdbc/OracleDriver.html