Enabling SSL on an Oracle Virtual Directory Listener Using WLST

6-32 Oracle Fusion Middleware Administrator's Guide

      (CONNECT_DATA =
        (SERVER = DEDICATED)
        (SERVICE_NAME = mynode.mycorp.com)
      )
    )

ssl =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = mynode.mycorp.com)(PORT = 2490))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = mynode.mycorp.com)
    )
    (SECURITY = (SSL_SERVER_CERT_DN = "CN=server_test,C=US"))
  )

3. Test the connection to the database using the new connect string. For example:

   tnsping ssl
   sqlplus username/password@ssl

6.6.3.2 SSL-Enable a Data Source

Take these steps to configure your data sources on Oracle WebLogic Server to use SSL.

1. Create a truststore and add the root certificate (which is created when SSL-enabling the database) as a trusted certificate to the truststore.

2. In the Oracle WebLogic Server Administration Console, navigate to the Connection Pool tab of the data source that you are using. The properties you need to specify in the JDBC Properties text box depend on the type of authentication you wish to configure.

   ■ If you will require client authentication (two-way authentication):

     javax.net.ssl.keyStore=...(the keystore location on the disk)
     javax.net.ssl.keyStoreType=JKS
     javax.net.ssl.keyStorePassword=...(password of the keystore)
     javax.net.ssl.trustStore=...(the truststore location on the disk)
     javax.net.ssl.trustStoreType=JKS
     javax.net.ssl.trustStorePassword=...(password of the truststore)

   ■ If you will require no client authentication:

     javax.net.ssl.trustStore=...(the truststore location on the disk)
     javax.net.ssl.trustStoreType=JKS
     javax.net.ssl.trustStorePassword=...(password of the truststore)

   See Also: The chapter "Configuring Secure Sockets Layer Authentication" in the Oracle Database Advanced Security Administrator's Guide.

   Note: The data source can be an existing source such as an Oracle WebCenter data source, or a new data source. See "Creating a JDBC Data Source" in Oracle Fusion Middleware Configuring and Managing JDBC for Oracle WebLogic Server for details.

Configuring SSL in Oracle Fusion Middleware 6-33

3. In the URL text box, enter the JDBC connect string. Ensure that the protocol is TCPS and that SSL_SERVER_CERT_DN contains the full DN of the database certificate. Use the following syntax:

   jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=host-name)(PORT=port-number)))(CONNECT_DATA=(SERVICE_NAME=service))(SECURITY=(SSL_SERVER_CERT_DN="CN=server_test,C=US")))

4. Test and verify the connection.

Your data source is now configured to use SSL.
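The tnsnames.ora "ssl" entry in the previous section and the JDBC thin URL in step 3 both use Oracle's nested-parenthesis connect descriptor syntax, and both must satisfy the same two conditions before the connection is actually protected: every ADDRESS must use PROTOCOL=TCPS, and SECURITY must set SSL_SERVER_CERT_DN to the full DN of the database certificate so the client matches the server's identity rather than accepting any certificate the truststore chains to. The following Python script is an added example, not code from the Oracle guide: it parses that descriptor syntax (tnsnames entry or JDBC URL) and reports any departure from those two conditions. The sample descriptors are constructed for this example; the "ssl" entry mirrors the guide's tnsnames.ora example, while the host db.example.com and the plain-TCP "plain" entry are assumptions.

```python
"""Check Oracle connect descriptors for the SSL settings the guide calls for."""
import re

# Attribute=value pairs separated by commas, e.g. CN=server_test,C=US
_DN_SHAPE = re.compile(r'^\s*[A-Za-z]+=[^,]+(,\s*[A-Za-z]+=[^,]+)*\s*$')


def _skip_ws(s, i):
    while i < len(s) and s[i].isspace():
        i += 1
    return i


def parse_groups(s, i=0):
    """Parse consecutive (KEY=VALUE) groups starting at offset i.

    VALUE is either a nested list of groups or a scalar (optionally
    double-quoted, so a DN may contain commas and '=' signs).
    Returns (list of (key, value) pairs, offset after the last group).
    """
    groups = []
    i = _skip_ws(s, i)
    while i < len(s) and s[i] == '(':
        j = s.index('=', i)
        key = s[i + 1:j].strip().upper()
        i = _skip_ws(s, j + 1)
        if i >= len(s):
            raise ValueError(f'unterminated group {key}')
        if s[i] == '(':
            value, i = parse_groups(s, i)
        elif s[i] == '"':
            k = s.index('"', i + 1)
            value, i = s[i + 1:k], k + 1
        else:
            k = s.index(')', i)
            value, i = s[i:k].strip(), k
        i = _skip_ws(s, i)
        if i >= len(s) or s[i] != ')':
            raise ValueError(f"expected ')' closing {key} at offset {i}")
        groups.append((key, value))
        i = _skip_ws(s, i + 1)
    return groups, i


def descriptor_of(connect_string):
    """Accept a tnsnames.ora entry ('alias = (DESCRIPTION=...)') or a JDBC thin
    URL ('jdbc:oracle:thin:@(DESCRIPTION=...)') and return the parsed groups."""
    start = connect_string.find('(')
    if start < 0:
        raise ValueError('no connect descriptor found')
    groups, end = parse_groups(connect_string, start)
    trailing = connect_string[end:].strip()
    if trailing:
        raise ValueError(f'unexpected text after descriptor: {trailing!r}')
    return groups


def find_all(groups, key):
    """Yield every value stored under key at any depth (ADDRESS may repeat)."""
    for k, v in groups:
        if k == key:
            yield v
        if isinstance(v, list):
            yield from find_all(v, key)


def check_ssl(connect_string):
    """Return a list of findings; an empty list means the descriptor meets both
    requirements from the guide: every ADDRESS uses PROTOCOL=TCPS, and SECURITY
    sets SSL_SERVER_CERT_DN to the full DN of the database certificate."""
    findings = []
    groups = descriptor_of(connect_string)
    addresses = [a for a in find_all(groups, 'ADDRESS') if isinstance(a, list)]
    if not addresses:
        findings.append('no ADDRESS group found')
    for addr in addresses:
        attrs = dict(addr)
        proto = str(attrs.get('PROTOCOL', '')).upper()
        if proto != 'TCPS':
            findings.append(f"ADDRESS for host {attrs.get('HOST', '?')} uses "
                            f"PROTOCOL={proto or '<missing>'}, not TCPS")
    dns = list(find_all(groups, 'SSL_SERVER_CERT_DN'))
    if not dns:
        findings.append('SECURITY does not set SSL_SERVER_CERT_DN, so the server '
                        'certificate DN is not matched')
    for dn in dns:
        if not isinstance(dn, str) or not _DN_SHAPE.match(dn) or 'CN=' not in dn.upper():
            findings.append(f'SSL_SERVER_CERT_DN {dn!r} is not a full DN with a CN')
    return findings


# Constructed samples for this example: the 'ssl' entry mirrors the guide's
# tnsnames.ora example; host db.example.com and the plain-TCP entry are assumed.
TNS_SSL = '''
ssl =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = mynode.mycorp.com)(PORT = 2490))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = mynode.mycorp.com)
    )
    (SECURITY = (SSL_SERVER_CERT_DN = "CN=server_test,C=US"))
  )
'''

JDBC_SSL = ('jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)'
            '(HOST=db.example.com)(PORT=2490)))(CONNECT_DATA=(SERVICE_NAME=mynode.mycorp.com))'
            '(SECURITY=(SSL_SERVER_CERT_DN="CN=server_test,C=US")))')

TNS_PLAIN = '''
plain =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = mynode.mycorp.com)(PORT = 1521))
    (CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = mynode.mycorp.com))
  )
'''

if __name__ == '__main__':
    for name, cs in [('ssl', TNS_SSL), ('jdbc', JDBC_SSL), ('plain', TNS_PLAIN)]:
        print(name, check_ssl(cs) or 'OK')
```

Run against a tnsnames.ora entry or the URL you paste into the WebLogic data source, the "plain" sample produces two findings (TCP instead of TCPS, and no SSL_SERVER_CERT_DN) while the two SSL samples produce none; a DN that is only a bare name such as server_test is also flagged, since the guide requires the full DN.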

6.7 Advanced SSL Scenarios

This section explains how to handle additional SSL configuration scenarios beyond the basic topologies described earlier:

■ Hardware Security Modules and Accelerators
■ CRL Integration with SSL
■ Oracle Fusion Middleware FIPS 140-2 Settings

6.7.1 Hardware Security Modules and Accelerators

A Hardware Security Module (HSM) is a physical plug-in card or an external security device that can be attached to a computer to provide secure storage and use of sensitive content.

Oracle Fusion Middleware supports PKCS11-compliant HSM devices that provide secure storage for private keys.

Take these steps to implement SSL for a component using a PKCS11 wallet:

1. Install the HSM libraries on the machine where the component is running. This is a one-time task and is device-dependent.

2. Next, create a wallet using Oracle Wallet Manager (OWM) or the orapki command-line tool. Note the following:

   a. Choose PKCS11 as the wallet type.

   b. Specify the device-specific PKCS11 library used to communicate with the device. This library is part of the HSM software.

      On Linux, the library is located at:

      For LunaSA (Safenet): /usr/lunasa/lib/libCryptoki2.so
      For nCipher: /opt/nfast/toolkits/pkcs11/libcknfast.so

      On Windows, the library is located at:

      For LunaSA (Safenet): C:\Program Files\LunaSA\cryptoki.dll

3. Now follow the standard procedure for obtaining third-party certificates, that is, creating a certificate request, getting the request approved by a Certificate Authority (CA), and installing the certificate signed by that CA.

Note: This discussion applies only to Oracle HTTP Server, Oracle Web Cache, and Oracle Internet Directory, which are the system components supporting HSM.