Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Cloud Service Automation4.80.0002

Administer > Configuration > Secure Connections > Configure Secure Connections for an Oracle Database

Configure Secure Connections for an Oracle Database

If the Oracle database server requires a secure connection, complete the following steps (if the Oracle database does not require a secure connection, you can omit these steps):

Note If you have configured CSA to be compliant with FIPS 140-2, you cannot configure a secure connection for the Oracle database. If you configure a secure connection for the Oracle database, you cannot configure CSA to be compliant with FIPS 140-2.

Complete one of the following tasks:
- If you do not want to configure CSA to check the database DN, do the following:
  1. Open CSA_HOME/jboss‑as/standalone/configuration/standalone.xml in a text editor.
  2. Add the following to the Oracle datasource:
    
    <connection-url>jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL = TCPS)(HOST = <host>)(PORT = 1521)))(CONNECT_DATA =(SERVICE_NAME = ORCL)))</connection-url>
    
    where <host> is the name of the system on which the Oracle database server is installed.
  3. Save and close the file.
  4. Import the Oracle database server Certificate Authority's root certificate into the Java truststore of CSA.
    1. Copy the Oracle database server Certificate Authority's root certificate to the CSA system. If necessary, contact your database administrator to obtain the Oracle database server certificate.
    2. On the CSA system, open a command prompt and run the keytool utility with the following options to create a local trusted certificate entry for the Oracle database server.
      
      Windows:
      
      "CSA_JRE_HOME\bin\keytool" -importcert -trustcacerts -alias oracledb -keystore "CSA_JRE_HOME\lib\security\cacerts" -file <c:\certfile_name.cer> -storepass changeit
      
      Linux:
      
      CSA_JRE_HOME/bin/keytool -importcert -trustcacerts -alias oracledb -keystore CSA_JRE_HOME/lib/security/cacerts -file </tmp/certfile_name.cer> -storepass changeit
      
      where CSA_JRE_HOME is the directory in which the JRE that is used by CSA is installed and <c:\certfile_name.cer> on Windows or </tmp/certfile_name.cer> on Linux is the path and name of the Certificate Authority's root certificate for the Oracle database server. The file extension may be .crt rather than .cer. You can also use a different value for -alias.
    3. At the prompt to import the certificate, type Yes.
    4. Press Enter.
    5. Restart CSA.
      
      See Restart CSA for instructions.
- If you want to configure CSA to check the database DN, do the following:
  1. Open CSA_HOME/jboss‑as/standalone/configuration/standalone.xml in a text editor.
  2. Add the following to the Oracle datasource:
    
    <connection-url>jdbc:oracle:thin:@(DESCRIPTION =(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCPS)(HOST = <host>)(PORT = 1521)))(CONNECT_DATA = (SERVICE_NAME = ORCL))(SECURITY=(SSL_SERVER_CERT_DN="CN=abc,OU=dbserver,O=xyz,L=Sunnyvale,ST=CA,C=US")))</connection-url>
    
    where <host> is the name of the system on which the Oracle database server is installed and the values for SSL_SERVER_CERT_DN are for the DN of the Oracle database server.
  3. Add the following to the system-properties element:
    
    <property name="oracle.net.ssl_server_dn_match" value="true" />
  4. Save and close the file.
  5. Import the Oracle database server Certificate Authority's root certificate into the Java truststore of CSA.
    1. Copy the Oracle database server Certificate Authority's root certificate to the CSA system. If necessary, contact your database administrator to obtain the Oracle database server certificate.
    2. On the CSA system, open a command prompt and run the keytool utility with the following options to create a local trusted certificate entry for the Oracle database server.
      
      Windows:
      
      "CSA_JRE_HOME\bin\keytool" -importcert -trustcacerts -alias oracledb -keystore "CSA_JRE_HOME\lib\security\cacerts" -file <c:\certfile_name.cer> -storepass changeit
      
      Linux:
      
      CSA_JRE_HOME/bin/keytool -importcert -trustcacerts -alias oracledb -keystore CSA_JRE_HOME/lib/security/cacerts -file </tmp/certfile_name.cer> -storepass changeit
      
      where CSA_JRE_HOME is the directory in which the JRE that is used by CSA is installed and <c:\certfile_name.cer> on Windows or </tmp/certfile_name.cer> on Linux is the path and name of the Certificate Authority's root certificate for the Oracle database server. The file extension may be .crt rather than .cer. You can also use a different value for -alias.
    3. At the prompt to import the certificate, type Yes.
    4. Press Enter.
    5. Restart CSA.
      
      See Restart CSA for instructions.
If client authentication is enabled on the Oracle database server, do the following:
1. Open CSA_HOME/jboss‑as/standalone/configuration/standalone.xml in a text editor.
2. Add the following to the system-properties element:
  
  <property name="javax.net.ssl.keyStore" value="<certificate_key_file>" /> <property name="javax.net.ssl.keyStorePassword" value="<certificate_key_file_password>" /> <property name="javax.net.ssl.keyStoreType" value="<certificate_key_file_type>" />
  
  where <certificate_key_file> is the same keystore file defined by the certificate-key-file attribute in the ssl element (for example,
  CSA_HOME/jboss‑as/standalone/configuration/.keystore), <certificate_key_file_password> is the password to the keystore file (for example, changeit), and <certificate_key_file_type> is the keystore type (for example, JKS or PKCS12).
3. Save and close the file.
4. Use Oracle's wallet manager to import CSA's certificate into the Oracle database server's wallet as a trusted certificate.

Send Help Center feedback