You can configure a connection between the Policy Server and Oracle database to communicate over SSL. Be sure that the Oracle database is enabled for SSL before you configure the connection.
The following process describes how the connection is established between the Policy Server and the Oracle database over SSL:
Optionally, you can configure the Policy Server to communicate with an Oracle database over SSL without configuring the Policy Server to validate the certificate.
Note: The Policy Server uses a trust store to validate the certificate authenticity. The trust store is a single public certificate of the Certificate Authority (CA). Alternatively, the trust store is a PKCS12 trust store that contains a list of public certificates from trusted CAs. The public certificate is not password-protected, whereas, the PKCS12 trust store is encrypted and password-protected.
You can configure the Policy Server to communicate with Oracle over SSL using the ODBC Data Source Administrator Console.
Follow these steps:
The ODBC Oracle Wire Protocol Driver Setup dialog appears.
Specifies the encryption method the Policy Server uses to encrypt data that is sent between the Policy Server and the Oracle database server.
Default: 0 – No Encryption
Required Value: 1 – SSL Auto
(Optional) Specifies that the Policy Server validates the authenticity of the certificate that the Oracle database server presents.
Default: Selected
To configure SSL without requiring the Policy Server to validate the authenticity of the certificate that the Oracle database presents, clear the selection.
Defines the path name of the trust store file. To validate the authenticity of the certificate that the Oracle database presents, specify this value when yu require the Policy Store.
Required Value: The trust store can either be the public certificate of the CA or a PKCS12 trust store that contains one or more certificates. The public certificate is a single certificate which is not password-protected. The PKCS12 trust store is password-protected.
Defines the password that is required to access the trust store.
Defines the hostname in the certificate. The hostname in the certificate must match the hostname that is used to connect to the Oracle database server. If the hostname does not match, the connection fails.
Note: The Key Store, Key Store Password, and Key Password parameters are not applicable for this connection.
Configure SSL for the Policy Server on UNIX to enable the Policy Server to communicate with Oracle over SSL.
Follow these steps:
ValidateServerCertificate=0 or 1
When you want to validate the Server Certificate, specify 1. When you do not want to validate the Server Certificate, specify 0.
TrustStore=Path to the CA certificate or PKCS12 trust store TrustStorePassword=TrustStorePassword HostNameInCertificate=hostname.domain.com
Example:
ValidateServerCertificate=1 TrustStore=\nete_ps_root\db\MyCAcert.cer or \nete_ps_root\db\MyCertTrustStore.p12 TrustStorePassword=abcd HostNameInCertificate=mydbhost.abc.com
Copyright © 2014 CA.
All rights reserved.
|
|