Configuring SSL for JDBC Connection

Using the Secure Sockets Layer (SSL) protocol, you can establish a secure communication between the JDBC client and DBMS servers. You can use TIBCO BusinessEvents Studio to configure SSL for a JDBC connection.

Procedure
1. In TIBCO BusinessEvents Studio, open the JDBC shared resource for editing.

   See JDBC Connection Wizard and Configuration Tab for more details about JDBC fields.

2. Select the Use SSL check box for activating the SSL protocol for the JDBC connection.
   The Configure SSL button is activated.
3. Click Configure SSL.
   The SSL Configuration for JDBC window is displayed.
4. Enter values for the SSL parameters and click OK.
   See JDBC SSL Configuration Reference for more details about these parameters.
5. Save the JDBC shared resource.
   The JDBC connection is now configured to use the SSL protocol.
Oracle Database Configuration
6. (Oracle database only) When using the Oracle wallet or .p12 file as keystore or truststore type, copy the following JAR files from the jlib directory in the Oracle installation to BE_HOME/lib/ext/tpcl:
   oraclepki.jar

   osdt_cert.jar

   osdt_core.jar
   Note: If you get the following exception when using JKS as keystore or truststore type:

   java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA

   then perform the following steps:

   Oracle 11g

   • Remove MD5 from the following property value in java.security file:

      jdk.certpath.disabledAlgorithms=MD2,MD5,RSA
     keySize < 1024

   • Remove MD5withRSA from the following property value in java.security file:

       jdk.tls.disabledAlgorithms=SSLv3, RC4,
     MD5withRSA, DH keySize < 768

   • Store root certificate in the truststore folder.

   Oracle 12c

   Create wallets and certificates with SHA-256 or other than MD5withRSA as signing algorithm. Now create the JKS keystore and truststore using these wallets.

   For more information, see SSL Connection to Oracle DB.