Creating and Exchanging CA Signed Certificate at Client and Server Side
This section describes the high-level procedure for achieving two-way authentication and encryption between the Oracle database and the Windchill host. The Creating and Exchanging Self-signed Certificate at Client and Server Side help topic provides the detailed steps for achieving two-way SSL with self-signed certificates. If the requirement is to configure JDBC over SSL with CA-signed certificates, the following configurations are required.
1. Identify the certificate store for the Windchill and Oracle hosts.
2. Based on your security requirements and available PKI infrastructure, create a certificate signing request (CSR) specifying the common name, host details, validity, key size, and other parameters.
3. Get the CSR signed by a certificate authority (CA), which can be either a third-party vendor or a local root CA.
4. Import and exchange the CA-signed certificates using the related PKI commands, such as ORAPKI for Oracle database.
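As an added illustration (not part of the PTC or Oracle documentation), the following shell example walks steps 2 and 3 with OpenSSL against a throwaway local root CA, then checks, before any import in step 4, that the signed certificate chains to the CA and carries the same public key as the CSR. The host name, subject names and file names are constructed, and OpenSSL is an assumption standing in for whichever PKI tooling your environment uses.

```shell
#!/bin/sh
# Added example: all names, subjects and paths below are constructed.

# make_demo_pki DIR: build a throwaway root CA, a host key + CSR, and sign the CSR.
make_demo_pki() {
    d=$1
    # Local root CA (self-signed); stands in for the organisation's CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Local Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Step 2: key pair and CSR for the database host (constructed common name).
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=oradb.example.test" \
        -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null || return 1
    # Step 3: the CA signs the CSR.
    openssl x509 -req -in "$d/host.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/host.pem" 2>/dev/null || return 1
}

# check_signed_cert CA CERT CSR
# Returns 0 and prints "ok" when CERT chains to CA and holds the CSR's public key.
# Returns 1 on chain failure, 2 on unreadable input, 3 on a key mismatch.
check_signed_cert() {
    ca=$1 cert=$2 csr=$3
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || { echo "chain: FAIL"; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    csr_pub=$(openssl req -in "$csr" -noout -pubkey) || return 2
    [ "$cert_pub" = "$csr_pub" ] || { echo "key match: FAIL"; return 3; }
    echo "ok"
}

# Demo run on constructed data.
demo=$(mktemp -d) && make_demo_pki "$demo" \
    && check_signed_cert "$demo/ca.pem" "$demo/host.pem" "$demo/host.csr"
rm -rf "$demo"
```

A key-mismatch result means the returned certificate was issued for a different CSR than the one held in the store it is about to be imported into, so the import would not pair it with the private key.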
For more information, refer to the following articles from Oracle documentation:
How to setup the database and the client to have SSL mutual authentication with an Oracle JDBC thin client and the database?
Step by step guide to configure SSL authentication
How to investigate and troubleshoot SSL/TLS issues on the database and client SQL*Net layer
For any issues related to security certificate handshake failure, contact the respective vendor.