CA SiteMinder® lets you configure the Policy Server to communicate with an Oracle database over SSL.
Note: A prerequisite for this communication is that the Oracle database must be enabled for SSL. For more information about enabling the database for SSL, see the Oracle documentation.
The following process describes how the connection is established between the Policy Server and the Oracle database over SSL:
Optionally, you can configure the Policy Server to communicate with an Oracle database over SSL without configuring the Policy Server to validate the certificate. In that configuration the traffic is encrypted, but the Policy Server does not verify the identity of the database server.
Note: The Policy Server uses a trust store to validate the certificate authenticity. The trust store can either be a single public certificate of the Certificate Authority (CA) or a PKCS12 trust store that contains a list of public certificates from trusted CAs. The public certificate is not password-protected, whereas the PKCS12 trust store is encrypted and password-protected.
You can configure the Policy Server to communicate with Oracle over SSL using the ODBC Data Source Administrator Console.
Follow these steps:
The ODBC Oracle Wire Protocol Driver Setup dialog appears.
Specifies the encryption method the Policy Server uses to encrypt data that is sent between the Policy Server and the Oracle database server.
Default: 0 – No Encryption
Required Value: 1 – SSL Auto
(Optional) Specifies that the Policy Server validates the authenticity of the certificate that the Oracle database server presents.
Default: Selected
To configure SSL without requiring the Policy Server to validate the authenticity of the certificate that the Oracle database presents, clear the selection.
Defines the path name of the trust store file. Specify this value only if you require the Policy Server to validate the authenticity of the certificate that the Oracle database presents.
Required Value: The trust store can either be the public certificate of the CA or a PKCS12 trust store that contains one or more certificates. The public certificate is a single certificate which is not password-protected. The PKCS12 trust store is password-protected.
Defines the password that is required to access the trust store.
Defines the hostname in the certificate. The hostname in the certificate must match the hostname that is used to connect to the Oracle database server. If the hostname does not match, the connection fails.
Note: The Key Store, Key Store Password, and Key Password parameters are not applicable for this connection.
Configure SSL for the Policy Server on UNIX to enable the Policy Server to communicate with Oracle over SSL.
Follow these steps:
Note: For more information about the system_odbc.ini file, see the Policy Server Installation Guide.
Note: For more information about the parameters, see Configure SSL on Windows.
ValidateServerCertificate=0 or 1
Note: Specify 1 if you want to validate the Server Certificate. Specify 0 if you do not want to validate the Server Certificate.
TrustStore=Path to the CA certificate or PKCS12 trust store
TrustStorePassword=TrustStorePassword
HostNameInCertificate=hostname.domain.com
Example:
ValidateServerCertificate=1
TrustStore=\nete_ps_root\db\MyCAcert.cer or \nete_ps_root\db\MyCertTrustStore.p12
TrustStorePassword=abcd
HostNameInCertificate=mydbhost.abc.com
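The following added example (not part of the CA documentation) audits the SSL parameters of one data source section in a system_odbc.ini file and reports settings that leave the connection unencrypted, unvalidated, or bound to fail on a hostname mismatch. The section name, the sample values, and the EncryptionMethod and HostName key names are assumptions; the other keys are the ones listed above.

```python
import configparser

# Constructed DSN sections for illustration; not taken from a real system_odbc.ini.
WEAK_INI = """
[SiteMinder Data Source]
HostName=mydbhost.abc.com
EncryptionMethod=1
ValidateServerCertificate=0
"""
BROKEN_INI = """
[SiteMinder Data Source]
HostName=10.0.0.5
EncryptionMethod=1
ValidateServerCertificate=1
TrustStore=/opt/example/db/MyCertTrustStore.p12
TrustStorePassword=
HostNameInCertificate=mydbhost.abc.com
"""

def audit_dsn(ini_text, dsn="SiteMinder Data Source"):
    """Return (key, problem) pairs for the SSL settings of one DSN section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    section = cp[dsn]
    get = lambda key: section.get(key, "").strip()
    findings = []
    # EncryptionMethod and HostName are assumed key names (not shown on the page).
    if get("EncryptionMethod") != "1":
        findings.append(("EncryptionMethod", "not 1 (SSL Auto); no encryption"))
    if get("ValidateServerCertificate") != "1":
        findings.append(("ValidateServerCertificate",
                         "not 1; server certificate is not validated"))
        return findings  # trust store settings are not needed without validation
    if not get("TrustStore"):
        findings.append(("TrustStore", "validation is on but no trust store is set"))
    elif get("TrustStore").lower().endswith(".p12") and not get("TrustStorePassword"):
        findings.append(("TrustStorePassword", "PKCS12 trust store needs a password"))
    if get("HostNameInCertificate").lower() != get("HostName").lower():
        findings.append(("HostNameInCertificate",
                         "differs from HostName; the connection will fail"))
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_INI), ("broken", BROKEN_INI)):
        for key, problem in audit_dsn(text):
            print(f"{name}: {key}: {problem}")
```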
Copyright © 2013 CA.
All rights reserved.