Skip to main content
Version: 6.11.0

Configure TLS communication with Oracle DB

The default behaviour is to use unencrypted communication between the Portal and its database. We can instead use encrypted communication by configuring both Oracle and the Portal appropriately.

Steps:

  1. Enable SSL on Oracle DB:

    Configure TLS on Oracle as per Oracle's documentation - for example:

    Oracle 23ai: https://docs.oracle.com/en/database/oracle/oracle-database/23/dbseg/configuring-transport-layer-security-encryption.html

    Oracle 21c: https://docs.oracle.com/en/database/oracle/oracle-database/21/dbseg/configuring-secure-sockets-layer-authentication.html

    Either a self signed or CA signed certificate can be used. Self signed may be sufficient for the purpose of encrypting communication.

  2. As part of the Oracle set up above a 'wallet' file (cwallet.sso) should be created.

    This needs to be copied to a file location accessible to the Portal eg /opt/waratek/oraclessl

  3. Update the database connection url property in application.properties to reference the wallet (and use the port configured in step one for TCPS)

    spring.datasource.url=jdbc:oracle:thin:@tcps://<host>:<port>/<dbname>?wallet_location=<wallet_location>

    eg

    spring.datasource.url=jdbc:oracle:thin:@tcps://localhost:1521/DB1?wallet_location=/opt/waratek/oraclessl

  4. Re-start the Portal.

    systemctl start portal

Communication with Oracle DB should now be encrypted.