Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
Configure Secure Connections for an Oracle Database
If the Oracle database server requires a secure connection, complete the following steps (if the Oracle database does not require a secure connection, you can omit these steps):
Note If you have configured CSA to be compliant with FIPS 140-2, you cannot configure a secure connection for the Oracle database. If you configure a secure connection for the Oracle database, you cannot configure CSA to be compliant with FIPS 140-2.
-
Complete one of the following tasks:
-
If you do not want to configure CSA to check the database DN, do the following:
-
Open
CSA_HOME/jboss‑as/standalone/configuration/standalone.xml
in a text editor. -
Add the following to the Oracle datasource:
<connection-url>jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL = TCPS)(HOST = <host>)(PORT = 1521)))(CONNECT_DATA =(SERVICE_NAME = ORCL)))</connection-url>
where
<host>
is the name of the system on which the Oracle database server is installed. - Save and close the file.
-
Import the Oracle database server Certificate Authority's root certificate into the Java truststore of CSA.
- Copy the Oracle database server Certificate Authority's root certificate to the CSA system. If necessary, contact your database administrator to obtain the Oracle database server certificate.
-
On the CSA system, open a command prompt and run the
keytool
utility with the following options to create a local trusted certificate entry for the Oracle database server.Windows:
"CSA_JRE_HOME\bin\keytool" -importcert -trustcacerts
-alias oracledb
-keystore "CSA_JRE_HOME\lib\security\cacerts"
-file <c:\certfile_name.cer> -storepass changeitLinux:
CSA_JRE_HOME/bin/keytool -importcert -trustcacerts
-alias oracledb
-keystore CSA_JRE_HOME/lib/security/cacerts
-file </tmp/certfile_name.cer> -storepass changeitwhere
CSA_JRE_HOME
is the directory in which the JRE that is used by CSA is installed and<c:\certfile_name.cer>
on Windows or</tmp/certfile_name.cer>
on Linux is the path and name of the Certificate Authority's root certificate for the Oracle database server. The file extension may be.crt
rather than.cer
. You can also use a different value for-alias
. - At the prompt to import the certificate, type Yes.
- Press Enter.
-
Restart CSA.
See Restart CSA for instructions.
-
-
If you want to configure CSA to check the database DN, do the following:
-
Open
CSA_HOME/jboss‑as/standalone/configuration/standalone.xml
in a text editor. -
Add the following to the Oracle datasource:
<connection-url>jdbc:oracle:thin:@(DESCRIPTION =(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCPS)(HOST = <host>)(PORT = 1521)))(CONNECT_DATA = (SERVICE_NAME = ORCL))(SECURITY=(SSL_SERVER_CERT_DN="CN=abc,OU=dbserver,O=xyz,L=Sunnyvale,ST=CA,C=US")))</connection-url>
where
<host>
is the name of the system on which the Oracle database server is installed and the values forSSL_SERVER_CERT_DN
are for the DN of the Oracle database server. -
Add the following to the
system-properties
element:<property name="oracle.net.ssl_server_dn_match" value="true" />
- Save and close the file.
-
Import the Oracle database server Certificate Authority's root certificate into the Java truststore of CSA.
- Copy the Oracle database server Certificate Authority's root certificate to the CSA system. If necessary, contact your database administrator to obtain the Oracle database server certificate.
-
On the CSA system, open a command prompt and run the
keytool
utility with the following options to create a local trusted certificate entry for the Oracle database server.Windows:
"CSA_JRE_HOME\bin\keytool" -importcert -trustcacerts
-alias oracledb
-keystore "CSA_JRE_HOME\lib\security\cacerts"
-file <c:\certfile_name.cer> -storepass changeitLinux:
CSA_JRE_HOME/bin/keytool -importcert -trustcacerts
-alias oracledb
-keystore CSA_JRE_HOME/lib/security/cacerts
-file </tmp/certfile_name.cer> -storepass changeitwhere
CSA_JRE_HOME
is the directory in which the JRE that is used by CSA is installed and<c:\certfile_name.cer>
on Windows or</tmp/certfile_name.cer>
on Linux is the path and name of the Certificate Authority's root certificate for the Oracle database server. The file extension may be.crt
rather than.cer
. You can also use a different value for-alias
. - At the prompt to import the certificate, type Yes.
- Press Enter.
-
Restart CSA.
See Restart CSA for instructions.
-
-
-
If client authentication is enabled on the Oracle database server, do the following:
-
Open
CSA_HOME/jboss‑as/standalone/configuration/standalone.xml
in a text editor. -
Add the following to the
system-properties
element:<property name="javax.net.ssl.keyStore" value="<certificate_key_file>" />
<property name="javax.net.ssl.keyStorePassword" value="<certificate_key_file_password>" />
<property name="javax.net.ssl.keyStoreType" value="<certificate_key_file_type>" />where
<certificate_key_file>
is the same keystore file defined by thecertificate-key-file
attribute in thessl
element (for example,CSA_HOME/jboss‑as/standalone/configuration/.keystore
),<certificate_key_file_password>
is the password to the keystore file (for example, changeit), and<certificate_key_file_type>
is the keystore type (for example, JKS or PKCS12). - Save and close the file.
- Use Oracle's wallet manager to import CSA's certificate into the Oracle database server's wallet as a trusted certificate.
-
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to clouddocs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: