Configuring the batch processor for an SSL-enabled Oracle database
You can configure the batch processor to communicate with your Oracle database over SSL.
About this task
Procedure
- Configure or add the following properties in the $home/properties/Batch.properties file:
- database.jdbc.driver - Set the value to the Oracle JDBC driver class name. For example:
database.jdbc.driver = oracle.jdbc.driver.OracleDriver
- mdm.database.uri - Set the value to a type 4 JDBC database connection URI that uses the SSL protocol. For example:
mdm.database.uri = jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=mdmdbtst)(PORT=1522))(CONNECT_DATA=(SERVICE_NAME=MDM12ORA)));user=MDMSSL1;password={xor})z4yMS8wMzY8Jg==
Refer to the Oracle database documentation for the syntax of the connection URI. Refer to the section "Installing additional batch processor instances" for information about encrypting the database user password.
- mdm.database.prop.javax.net.ssl.trustStore - Set the value to the equivalent value of the property javax.net.ssl.trustStore in the $home/properties/ssl.client.props file. For example, if the $home/properties/ssl.client.props file has the following settings:
user.root=/user/IBM/MDM/BatchProcessor1
javax.net.ssl.trustStore=${user.root}/etc/trust.p12
Then set the value of mdm.database.prop.javax.net.ssl.trustStore to:
mdm.database.prop.javax.net.ssl.trustStore=/usr/IBM/MDM/BatchProcessor1/etc/trust.p12
- mdm.database.prop.javax.net.ssl.trustStoreType - Set the value to the same value as the property javax.net.ssl.trustStoreType in the $home/properties/ssl.client.props file. For example:
mdm.database.prop.javax.net.ssl.trustStoreType=PKCS12
- mdm.database.prop.javax.net.ssl.trustStorePassword - Set the value to the same value as the property javax.net.ssl.trustStorePassword in the $home/properties/ssl.client.props file. For example:
mdm.database.prop.javax.net.ssl.trustStorePassword={xor}PDc+MTg6Nis=
- mdm.database.prop.javax.net.ssl.keyStore - Set the value to the equivalent value of the property javax.net.ssl.keyStore in the $home/properties/ssl.client.props file. For example, if the $home/properties/ssl.client.props file has the following settings:
user.root=/user/IBM/MDM/BatchProcessor1
javax.net.ssl.keyStore=${user.root}/etc/key.p12
Then set the value of mdm.database.prop.javax.net.ssl.keyStore to:
mdm.database.prop.javax.net.ssl.keyStore=/usr/IBM/MDM/BatchProcessor1/etc/key.p12
- mdm.database.prop.javax.net.ssl.keyStoreType - Set the value to the same value as the property javax.net.ssl.keyStoreType in the $home/properties/ssl.client.props file. For example:
mdm.database.prop.javax.net.ssl.keyStoreType=PKCS12
- mdm.database.prop.javax.net.ssl.keyStorePassword - Set the value to the same value as the property javax.net.ssl.keyStorePassword in the $home/properties/ssl.client.props file. For example:
mdm.database.prop.javax.net.ssl.keyStorePassword={xor}PDc+MTg6Nis=
- mdm.database.prop.oracle.net.ssl_version - Set the value to the SSL protocol version you would like to use. For example:
mdm.database.prop.oracle.net.ssl_version=1.0
- mdm.database.prop.oracle.net.ssl_server_dn_match - Set the value to TRUE if you want to force the distinguished name (DN) of the server to match its service name. The default value is FALSE:
mdm.database.prop.oracle.net.ssl_server_dn_match=FALSE
- Obtain the server signer certificate from the database administrator and copy the certificate to a folder. For example, copy the certificate to $home/etc/mdm12ora.der.
- Import the certificate into the trust store specified by mdm.database.prop.javax.net.ssl.trustStore. The store type is specified with mdm.database.prop.javax.net.ssl.trustStoreType. For example:
$WAS_HOME\java\jre\bin\keytool.exe -import -alias ora_ca -keystore $home\etc\trust.p12 -storetype PKCS12 -file $home\etc\mdm12ora.der
or
$WAS_HOME/java/jre/bin/keytool -import -alias ora_ca -keystore $home/etc/trust.p12 -storetype PKCS12 -file $home/etc/mdm12ora.der
$WAS_HOME represents the home folder of the WebSphere® Application Server.
Note: You will be prompted for the trust store password. Reply with the unencrypted version of the value of mdm.database.prop.javax.net.ssl.trustStorePassword. If you did not change the password of the trust store, use the default password, which is WebAS.
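The following is an added example, not part of the original page or of the product: a Python check that the mdm.database.prop.* values in Batch.properties match the resolved values in ssl.client.props, that the URI uses PROTOCOL=tcps, and that server DN matching and the protocol version are set as intended. The sample file contents (paths, host, service name) are constructed, and treating ssl_version=1.0 as TLS 1.0, which RFC 8996 deprecates, is an assumption of the example.

```python
import re

# Constructed sample files: paths, host and service name are placeholders.
SSL_CLIENT_PROPS = """\
user.root=/opt/mdm/BatchProcessor1
javax.net.ssl.trustStore=${user.root}/etc/trust.p12
javax.net.ssl.keyStore=${user.root}/etc/key.p12
"""
BATCH_PROPS = """\
mdm.database.uri = jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=db.example)(PORT=1522))(CONNECT_DATA=(SERVICE_NAME=SVC)))
mdm.database.prop.javax.net.ssl.trustStore=/opt/mdm/BatchProcessor1/etc/trust.p12
mdm.database.prop.javax.net.ssl.keyStore=/opt/mdm/BatchProcessor/etc/key.p12
mdm.database.prop.oracle.net.ssl_version=1.0
mdm.database.prop.oracle.net.ssl_server_dn_match=FALSE
"""
PREFIX = "mdm.database.prop."
MIRRORED = [f"javax.net.ssl.{store}{suffix}" for store in ("trustStore", "keyStore")
            for suffix in ("", "Type", "Password")]

def parse_props(text):
    """Parse key=value lines (the only properties syntax the page uses)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def resolve(value, props):
    """Expand ${name} references such as ${user.root}; unknown names stay as-is."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)

def lint(batch_text, ssl_text):
    """Return findings for Batch.properties checked against ssl.client.props."""
    batch, ssl = parse_props(batch_text), parse_props(ssl_text)
    findings = []
    if not re.search(r"\(PROTOCOL\s*=\s*tcps\)", batch.get("mdm.database.uri", ""), re.I):
        findings.append("mdm.database.uri: address does not use PROTOCOL=tcps")
    for name in MIRRORED:  # each must equal the resolved ssl.client.props value
        if name in ssl and batch.get(PREFIX + name) != resolve(ssl[name], ssl):
            findings.append(f"{PREFIX}{name}: differs from ssl.client.props")
    if batch.get(PREFIX + "oracle.net.ssl_server_dn_match", "FALSE").upper() != "TRUE":
        findings.append("oracle.net.ssl_server_dn_match: server DN is not matched")
    if batch.get(PREFIX + "oracle.net.ssl_version") == "1.0":  # assumed: 1.0 = TLS 1.0
        findings.append("oracle.net.ssl_version: 1.0 is a deprecated protocol version")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(BATCH_PROPS, SSL_CLIENT_PROPS)))
```

On the constructed sample this reports the mistyped key store path, the disabled DN match and the protocol version; a key absent from ssl.client.props is skipped rather than reported.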