SSL with JDBC
CONNX supports SSL/TLS connections from the pure Java JDBC Driver to the 32-bit and 64-bit JDBC Server service running on Windows or Unix.
In order to use CONNX with SSL when connecting with JDBC, the following requirements must be met.
1. The CONNX JDBC Server service must be configured to listen with SSL.
2. An SSL Certificate and Key file are required.
Creating an SSL Certificate and Key File
Use openssl to create your certificate and key file.
CONNX ships with a 64-bit OpenSSL command line. It is located in the OpenSSL directory under the root of your 64-bit CONNX installation.
Open a command prompt and navigate to this directory. The following is an example of creating a self-signed key and certificate:
openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -config openssl.cnf
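In this example, key.pem is the private key file, and cert.pem is the certificate file. Both of these files are required when configuring the SSL Listener. The -nodes option writes key.pem without passphrase encryption, so restrict read access to that file.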
Importing the Certificate into the Java Security Store
The certificate used in the JDBC server must be imported into the Java security store.
First, identify which Java jdk/sdk the application uses.
Then, locate the "cacerts" security file under that directory structure.
Use the keytool utility to import the certificate. You will be prompted for the password of the security store; the default password for a Java security store is "changeit".
The following is an example of how to import a certificate into the Java security store:
c:\Program Files (x86)\Java\jdk1.7.0_17>keytool -import -alias example -keystore "C:\Program Files (x86)\Java\jdk1.7.0_17\jre\lib\security\cacerts" -file c:\project\connx\OpenSSL32\server.crt
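A check that the import worked, as an added example rather than CONNX code: it loads the cacerts file and the certificate file, reports whether that exact certificate is in the trust store, and flags expiry (the openssl example above issues a certificate valid for 365 days). The class name CheckTrustedCert and the two path arguments are assumptions of this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

// Added example (not CONNX code). Usage, with paths you supply:
//   java CheckTrustedCert <path-to-cacerts> <path-to-certificate>
public class CheckTrustedCert {

    // SHA-256 fingerprint in the colon-separated form that "keytool -list -v" prints.
    static String sha256(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive): CheckTrustedCert <cacerts> <cert file>");
            System.exit(2);
        }
        // Prompt for the store password so it does not appear in the process list.
        char[] password = console.readPassword("Trust store password: ");
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, password);
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[1])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // getCertificateAlias returns null when no entry holds this exact certificate.
        String alias = store.getCertificateAlias(cert);
        boolean expired = cert.getNotAfter().before(new Date());
        System.out.println("SHA-256 : " + sha256(cert));
        System.out.println("Expires : " + cert.getNotAfter() + (expired ? " (EXPIRED)" : ""));
        System.out.println("Alias   : " + (alias == null ? "(not in this trust store)" : alias));
        System.exit(alias != null && !expired ? 0 : 1);
    }
}
```

Run it with the same Java installation the application uses, since each JDK or JRE has its own cacerts file.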
Enabling Support for Large Cryptographic Key Lengths in Java
If you are not using the latest version of Java, you may be using a version that has a default policy of a limited cryptographic key length. If you are not using one of the Java versions listed below, you will need to download and install the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy" for your version of Java.
Enabling SSL for the CONNX JDBC Server Service
To enable CONNX SSL for ESS, set CONNX.JDBC.CNXLISTENSSL to 1.
Transfer your SSL Certificate and key to the system running the CONNX JDBC Servers.
Define the CONNX.JDBC.SSLCERT and CONNX.JDBC.SSLKEY configuration settings that will point CONNX to the certificate and key.
Once these setting changes are made, restart the JDBC server.
On the client (the Java application), a new setting must be added to the connection string to enable SSL connections to the JDBC Server. The setting name is SSL, and it should be set to true.
The following is an example connection string with SSL enabled:
jdbc:connx:DD=oracle;Gateway=localhost;Port=7500;ssl=true