A Java application is running with the JDBC thin driver over a TCP connection. The requirement now is to convert it to TCPS for encrypted transmission from the application to the database.
String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=servername)(PORT=XXXX))(CONNECT_DATA=(SERVICE_NAME=XXXX)))";
We are using a JKS truststore for the certificate.
We are not using a sqlnet.ora file to set up TCPS encryption. Can anyone help with what changes are required in JDBC, cipher, certificate, etc.?
Best Answer
To set up TCPS with JDBC, we have a few tasks.
First, create the wallet in both client and server:
Then, create self-signed certificates (or ones signed by a trusted CA).
Exchange them via SFTP/SCP and import each other's certificate into the wallet.
Now indicate in SQLNET.ORA the location of the wallet (in TNS_ADMIN folder, in both client and server).
Now edit listener.ora in the server to add the secure endpoint (PROTOCOL = TCPS):
Restart the listener with lsnrctl stop, start and status to check that your line is showing up.
Update the TNSNAMES.ORA accordingly in both client and server.
The TNS_ADMIN folder in the client has to be the same one used for the wallet, so place your sqlnet.ora and tnsnames.ora in that folder only.
If everything is good so far, tnsping MYDB_SSL will return OK.
Otherwise, check lsnrctl on the server side, find the log and troubleshoot.
On the Java side, set the JDBC URL as per the example below (for Spring/JPA):
Load the certificates in the cacerts with the keytool command:
Run the app, you may specify the TNS_ADMIN in the command line too:
Hope this helps...
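
For the case in the question (JKS truststore, no sqlnet.ora on the client), here is an added example, not code from the original answer, that passes the TLS settings as Oracle JDBC connection properties and then asks the database which protocol the session is using. It assumes the listener does not require client certificates (one-way TLS); the class name, the `env` helper and the `DB_*` environment variable names are hypothetical, and the host, port and service name are the placeholders from the question.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Objects;
import java.util.Properties;

public class TcpsJdbcCheck {
    // Placeholders kept from the question: host, TCPS listener port and service name.
    static final String URL = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)"
            + "(HOST=servername)(PORT=XXXX))(CONNECT_DATA=(SERVICE_NAME=XXXX)))";

    // Hypothetical helper: read a required setting from the environment.
    static String env(String name) {
        return Objects.requireNonNull(System.getenv(name), name + " is not set");
    }

    static Properties tlsProperties() {
        Properties p = new Properties();
        p.setProperty("user", env("DB_USER"));            // assumed variable names
        p.setProperty("password", env("DB_PASSWORD"));
        // JKS truststore holding the server certificate or its issuing CA.
        p.setProperty("javax.net.ssl.trustStore", env("DB_TRUSTSTORE"));
        p.setProperty("javax.net.ssl.trustStoreType", "JKS");
        p.setProperty("javax.net.ssl.trustStorePassword", env("DB_TRUSTSTORE_PASSWORD"));
        // Reject a server whose certificate does not match the host being dialed.
        p.setProperty("oracle.net.ssl_server_dn_match", "true");
        // Restrict the handshake to TLS 1.2.
        p.setProperty("oracle.net.ssl_version", "1.2");
        return p;
    }

    public static void main(String[] args) throws SQLException {
        try (Connection c = DriverManager.getConnection(URL, tlsProperties());
             Statement s = c.createStatement();
             ResultSet r = s.executeQuery(
                     "SELECT SYS_CONTEXT('USERENV','NETWORK_PROTOCOL') FROM dual")) {
            r.next();
            String protocol = r.getString(1);
            // Confirm from the server side that the session is on the TCPS endpoint.
            if (!"tcps".equalsIgnoreCase(protocol)) {
                throw new IllegalStateException("session is not encrypted: " + protocol);
            }
            System.out.println("Connected over " + protocol);
        }
    }
}
```

If the listener does require client authentication, the driver also needs the matching `javax.net.ssl.keyStore`, `javax.net.ssl.keyStoreType` and `javax.net.ssl.keyStorePassword` properties.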