It's all about the answers!

Ask a question

How can I use a secure Oracle port for my CLM Repositories?


Antoinette Iacobo (650512) | asked Jan 18 '16, 11:37 a.m.
 Your organization may have a requirement for Oracle databases.  How can you configure this for CLM? 

2 answers



permanent link
Antoinette Iacobo (650512) | answered Jan 18 '16, 11:38 a.m.
You can pass the necessary configuration parameters through the JVM using java parameters.  The specific parameters you need will depend on the database server configuration and must be supplied by the Oracle DBA.  

Here is an Oracle white paper that describes the various configurations:  http://www.oracle.com/technetwork/topics/wp-oracle-jdbc-thin-ssl-130128.pdf

Below is an example for Use Case 2 "USE SSL FOR ENCRYPTION AND SERVER AUTHENTICATION".  This configuration is for TLS 1.2 and the certificates are stored in Oracle wallet.   

For each CLM repository, you will need to set the Oracle connection properties for the jdbc connection in the teamserver.properties file and the JVM parameters in the WebSphere profile.  Using the InfoCenter instructions under the topic:  

Rational Collaborative Lifecycle Management Solution>Jazz Team Server>Installing>Installing the Rational solution for Collaborative Lifecycle Management (CLM)>Deploying and starting the server>Deploying and starting WebSphere Application Server>Administering the server by using the Integrated Solutions Console>Setting up WebSphere Application Server:
In the WebSphere Integrated Solutions Console, click Servers > Server Types > WebSphere application servers > Server1.
Under Server Infrastructure, click Java and Process Management > Process definition. Under Additional Properties, click Java Virtual Machine > Additional Properties, click Custom properties.  This is where you pass the Oracle parameters to the driver.  
 
The key changes to the JDBC Connection String are the protocol and the new secured port (in this example port 1534):   com.ibm.team.repository.db.jdbc.location=thin:jts/{password}@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=clm.ibm.com)(PORT=1534))(CONNECT_DATA=(SERVICE_NAME=CLM)))

These are the corresponding JVM custom properties that are set in the WebSphere profile:
javax.net.ssl.trustStore = c:\truststore\clientwallet\ewallet.p12 
Note:  this location is where the wallet has been copied on the application server.
javax.net.ssl.trustStoreType = PKCS12
javax.net.ssl.trustStorePassword = myPassword
oracle.net.ssl_cipher_suites = TLS_RSA_WITH_AES_256_CBC_SHA
oracle.net.ssl_client_authentication = FALSE
oracle.net.ssl_version = 1.0 

permanent link
vowner owner (257) | answered Mar 08 '18, 7:49 a.m.

How to enable this with Websphere liberty. 


when we are trying to hit the database by the tcps port, we are getting the below error in the applications log. <o:p> </o:p>

 

We are using clm 6.0.3 version with bundled liberty profile. For enabling mutual authentication with Application DB and application servers we have imported the certificates properly to both source and destination servers. However when we are testing the connection we are getting below error.

“SSLv2Hello is not a recognized protocol.”


 The used ojdbc string:-   

 

thin:jts_user/{password}@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.100.216)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=vmtestdb)) 

Your answer


Register or to post your answer.