Setting Up Authentication between Client Applications and TDV Server over JDBC
Client applications, including Studio, can connect to TDV Server over JDBC connections. For secure communications, you need to define secure authentication.
The steps are included in this section for convenience. For a full description of the URL properties, refer to these topics in the TDV Client Interfaces Guide:
Defining a JDBC Client using a Connection URL
JDBC Driver Connection URL Properties
Make sure your application has been designed to accommodate TDV SSL authentication for JDBC. See Creating a JDBC Client Application with SSL Capability.
To define authentication between JDBC client applications and the TDV Server
The client tool references the JDBC driver (.jar) file during configuration of the connection. Some client tools discover the JDBC class name automatically; for others, the user may need to enter the class name as "cs.jdbc.driver.CompositeDriver".
The fully populated connection strings are:
For a secure connection:
jdbc:compositesw:<userid>@<servername>:9401?domain=<domainname>&dataSource=<datasourcename>&encrypt=true&validateRemoteCert=true
For a non-secure connection:
jdbc:compositesw:<userid>@<servername>:9401?domain=<domainname>&dataSource=<datasourcename>
The following four Java properties need to be set for any process so that it can access the Trust Store that contains the public certificates from the DigiCert certificate authority. Place the Trust Store provided in a secure location on disk, and adjust the two properties javax.net.ssl.trustStore and javax.net.ssl.trustAnchors to point to the file.
Java instance properties:
-Djavax.net.ssl.trustStore=<fully qualified trust store location on the client machine>
-Djavax.net.ssl.trustStorePassword=<password provided by administrative team>
-Djavax.net.ssl.trustStoreType=JKS
-Djavax.net.ssl.trustAnchors=<fully qualified trust store location on the client machine>
Instructions for an Encrypted Connection
The JDBC connection URL adds the following two properties, which enable a secure connection to TDV's published security configuration database using trusted certificates, so that all traffic, including the payload, is encrypted with the SHA-2 256-bit encryption algorithm.
encrypt: The encrypt property instructs the JDBC driver to transparently switch to the secure SSL port (the configured data services port +2) for all communications.
validateRemoteCert: This property initiates a validation handshake of the TDV server-side certificate (on Windows; Linux is supported on TDV 8.3 or later). This validation includes checking that the certificate is not expired, that the root certificate is installed on your machine, that the certificate is signed with the fully qualified DNS name of the server, and so on. In general, it applies all the validation rules of IETF RFC 8446 (Transport Layer Security 1.3). Note that this means you cannot use self-signed certificates with validateRemoteCert=true (but it will work without this property).
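A configuration check for the connection strings and the four Java properties described above, as an added example that is not part of the TDV documentation or product. It flags URLs that omit encrypt=true or validateRemoteCert=true and JVM argument lists that leave a trust store property unset; the host, user, domain, data source and file paths are constructed sample values.

```python
import re
from urllib.parse import parse_qs

# The four Java properties the page lists for trust store access.
REQUIRED_JVM_PROPS = ("javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword",
                      "javax.net.ssl.trustStoreType", "javax.net.ssl.trustAnchors")
URL_RE = re.compile(r"^jdbc:compositesw:[^@]+@[^:?]+:\d+(?:\?(?P<query>.*))?$")

# Constructed sample inputs (not taken from any real deployment).
BASE = "jdbc:compositesw:appuser@tdv.example.internal:9401?domain=composite&dataSource=sales"
SECURE_URL = BASE + "&encrypt=true&validateRemoteCert=true"
ENCRYPT_ONLY_URL = BASE + "&encrypt=true"
GOOD_ARGS = ["-Djavax.net.ssl.trustStore=/opt/app/tls/truststore.jks",
             "-Djavax.net.ssl.trustStorePassword=placeholder-password",
             "-Djavax.net.ssl.trustStoreType=JKS",
             "-Djavax.net.ssl.trustAnchors=/opt/app/tls/truststore.jks"]


def audit_url(url):
    """Return findings for one TDV JDBC connection URL (empty list = OK)."""
    m = URL_RE.match(url)
    if not m:
        return ["not a jdbc:compositesw URL in the form shown on this page"]
    props = {k: v[-1] for k, v in parse_qs(m.group("query") or "").items()}
    findings = []
    if props.get("encrypt", "").lower() != "true":
        findings.append("encrypt=true missing: connection is not secure")
    if props.get("validateRemoteCert", "").lower() != "true":
        findings.append("validateRemoteCert=true missing: server certificate is not validated")
    return findings


def audit_jvm_args(args):
    """Return findings for a list of JVM arguments (empty list = OK)."""
    defined = {}
    for arg in args:
        # Only well-formed -Dname=value arguments count as set.
        if arg.startswith("-D") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            defined[key] = value
    findings = [f"{p} is not set" for p in REQUIRED_JVM_PROPS if not defined.get(p)]
    store = defined.get("javax.net.ssl.trustStore")
    anchors = defined.get("javax.net.ssl.trustAnchors")
    if store and anchors and store != anchors:
        findings.append("trustStore and trustAnchors point to different files")
    if defined.get("javax.net.ssl.trustStoreType", "JKS") != "JKS":
        findings.append("trustStoreType is not JKS")
    return findings
```

A misspelled property name or a stray space after the leading hyphen leaves the property unset without any error from the JVM, so `audit_jvm_args` reports it as missing.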