Hello - We have an application whose security requirement is that all traffic must be over SSL. I have been able to confiugure SSL communication to MQ Series but not to Oracle. Is this even possible with the most current JDBC Adapter 6.5? If so, can you point me to some documentation?
I opened an SR with webMethods and they do not know of any documentation. But I am sure it’s possible. Back in 2003, we configured an Oracle PL/SQL stored procedure to invoke wM over an HTTPS wM port. If I recall, we added wM’s public cert in Oracle’s “wallet” and the PL/SQL developer used Oracle’s HTTPS package.
Of course, now we’re going in reverse (from wM to Oracle) and securing the whole adapter connection; so it’s not apples to apples. Here’s our configuration:
wM IS 7.1.2 on Solaris 10 (5.10)
Oracle 10gR2 (10.2.0.4) RAC
Were you able to enable SSL with the JDBC Adapter 6.5? If so can you please summarize the changes that were required?
Based on your requirement that all traffic be over SSL, how did you deal with the internal webMethods pools? They rely on the DataDirect Connect JDBC Driver v3.6 packaged with webMethods and per the DataDirect documentation SSL is not supported.
Hi Fred - We’re implementing Oracle.Net encryption. While this isn’t SSL per se, I believe it does encrypt the data across the wire. Implementing oracle.net encryption requires some settings on the Oracle side. On the wM side, I added the following parameters:
For JDBC Adapter connections, I added these parms in otherProperties: oracle.net.encryption_client=requested; oracle.net.encryption_types_client=RC4_256; oracle.net.crypto_checksum_client=requested; oracle.net.crypto_checksum_types_client=MD5;
For wM internal db connection, I added similar string to the Database URL:
oracle.net.encryption_client=requested;oracle.net.encryption_types_client=RC4_256;oracle.net.crypto_checksum_client=requested;oracle.net.crypto_checksum_types_client=MD5
Hello Rajesh,
This is petty late post on your thread.
I have similar requirement on AS400 connection using AS400JDBC DataSource.
Do you have inputs which params we need to use in Other Parameters?
I have made changes as mentioned below in oracle connection and it seems its working fine, but how can i do the packet sniffing over my network to confirm data was encrypt while transmitting over JDBC connection.
Hi Siva - We had to engage our network guys to install the packet sniffing software on both the Oracle and wM servers. I can’t recall anymore what that software was called.
We have a similar requirement in IS 8.0.1 to use encryption to connect to Oracle (11.2.0.2.). Using ojdbc14 we couldn’t establish the connectivity. We upgraded the new jar file ojdbc6 and it worked for JDBC Adapter connection. But we are unable to connect to the same database for MWS. Can anyone please let me know if Data Direct for Oracle JDBC supports the below configuration
The configuration that worked for us after upgrading to ojdbc6 in IS
url=jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(ADDRESS=(PROTOCOL=TCP)(HOST=XXXX)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=XXXX)(FAILOVER_MODE =(TYPE = SELECT)(METHOD = BASIC)(RETRIES = 180)(DELAY = 5))(SQLNET.ENCRYPTION_CLIENT=REQUESTED)(SQLNET.ENCRYPTION_TYPES_CLIENT=AES256)))
Oracle server side setting is mentioned below: SQLNET.ENCRYPTION_SERVER = REQUIRED SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
Setting that is not working when configuring in JDBC Pools:
jdbc:wm:oracle://:1521;ServiceName=;SQLNET.ENCRYPTION_CLIENT=REQUIRED;SQLNET.ENCRYPTION_TYPES_CLIENT=AES256
Information in this thread is very useful. thank you all for your contribution. we have a situation
here where in we user AS/400 Adapter to communicate with one of the back end system.
we have a request from Security team to encryt the As400/adapter connection credential to the back end
while transporting. i do see here the details to peform the same for JDBC Connection with Oracle DB.
however any help on AS/400 Adatper would be very helpful.
Hi MM - This is all JDBC protocol, so if the AS400 backend supports JDBC, you can probably insert the SSL piece into the connection string. I haven’t done it myself, but am thinking this link might help: