Configuring JDBC Over SSL
Perform the following steps to configure JDBC over SSL:
1. Define the following properties in the Windchill server db.properties file:
wt.pom.dbConnectionPropertiesNameList=javax.net.ssl.trustStore,
javax.net.ssl.trustStoreType,javax.net.ssl.trustStorePassword,
oracle.net.ssl_cipher_suites
wt.pom.dbConnectionPropertiesValueList=C:\\jks\\selfsigned3.jks,
JKS,client01,(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
SSL_DH_anon_WITH_RC4_128_MD5,SSL_DH_anon_WITH_DES_CBC_SHA)
|
If SSL cipher suites are in place, we must specify the 'oracle.net.ssl_cipher_suites' property and its values. If SSL cipher suites are not in place, we do not need this property and its value.
|
◦ If you need client authentication, provide keystore properties instead of truststore properties:
wt.pom.dbConnectionPropertiesNameList=javax.net.ssl.keyStore,
javax.net.ssl.keyStoreType,javax.net.ssl.keyStorePassword,
oracle.net.ssl_cipher_suites
wt.pom.dbConnectionPropertiesValueList= C:\\jks\\selfsigned3.jks,
JKS,client01,(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
SSL_DH_anon_WITH_RC4_128_MD5,SSL_DH_anon_WITH_DES_CBC_SHA)
2. Add the new property given below in the Windchill server db.properties file, which determines whether JDBC should be activated over SSL.
wt.pom.jdbc.protocol=TCPS
|
If the property is not specified, Windchill will serve the regular JDBC connections. However, if TCPS value is specified for the property, the corresponding port number must be specified in the wt.pom.jdbc.port property.
|