Configuring SSL in Oracle

The SSL feature provides a secure communication channel between Sterling B2B Integrator and the Oracle database.

You can configure SSL with the Oracle database so that the connection between Sterling B2B Integrator and the database is established during installation and runtime.

Note: SSL is configured only on Oracle 12C R2 and Oracle Database 12c Enterprise Edition Release 12.2.0.1.0.

Installing

You can enable the SSL option using the IBM Installation Manager using the GUI or a silent response file.

Installing using GUI

Perform the following steps:

  1. From the Database Vendor Selection in the left navigation pane, select Oracle from Database Vendor.

    A new option, Use SSL appears on the screen.

  2. Select the Use SSL option.
  3. Specify the following fields:
    Field Name Description
    Truststore File File path of the truststore for SSL connection. Mandatory
    Truststore Password Password for the truststore key. Mandatory
    Keystore File File path of the keystore. Optional. Required only for two-way SSL connection. The JKS keystore type is supported.
    Keystore Password Password for the keystore file. Optional. Required only for two-way SSL connection.
    TLS Version TLS version to be used for the connection. The default value is 1.2. Optional.
  4. Click Next to continue the installation.

    A secure connection is established between Sterling B2B Integrator and the Oracle database.

Installing using silent file

Add the following parameters to the response file:
Parameter Value SSL
user.sb.useSSL Indicates whether SSL with the Oracle database is turned on or off. The values used are True or False. Required
user.sb.trustStore Path of the truststore file in the file system Required
user.sb.trustStorePassword Password of the truststore key in plain text format Required
user.sb.keyStore Path of the keystore file in the file system Optional
user.sb.keyStorePassword Password of the keystore key in plain text format Optional
user.sb.tls_version TLS protocol version value. The default value is 1.2. Optional

Upgrading

You can upgrade with the SSL option using the IBM Installation Manager using the GUI or a silent response file.
Note: A one-time change is required which needs to be done prior to the upgrade.

In place upgrade

There are 2 scenarios for upgrade -
  • Upgrade to a new version with the first time SSL setup
  • Upgrade to a new version that already has SSL connectivity
For both the upgrade scenarios, you need to enable the following properties (SSL parameters) in the sandbox.cfg file.
  • useSSL
  • trustStore
  • trustStorePassword
  • keyStore
  • keyStorePassword
Follow these steps to upgrade:
  1. Hardstop the server.
  2. Add the SSL entries in the sandbox.cfg file.
  3. Run setupfiles.sh for Linux or Unix.

    OR

    Run setup.cmd for Windows.

  4. Perform the upgrade.
  5. Restart the server.

Upgrade to a new directory

There are 2 scenarios for upgrade:
  • Upgrade to a new version with the first time SSL setup
  • Upgrade to a new version that already has SSL connectivity

In both the cases, you need to enable the SSL parameters either from the GUI or the silent file and perform the same steps as in place upgrade.