Configure TLS in user environment
On Windows
Step 1: Load oracle server wallet certificate to portal and upgrader Java KeyStore. This step is required only if the wallet certificate is self-signed.
- Add server certificate in portal Java.
cd C:\opt\jre\bin keytool -import -trustcacerts -alias ora_server_cert -file C:\opt\oracle\network\client_wallet\server-cert-db.crt -keystore C:\opt\jre\lib\security\cacerts cd C:\opt\jdk\bin keytool -import -trustcacerts -alias ora_server_cert -file C:\opt\oracle\network\client_wallet\server-cert-db.crt -keystore C:\opt\jdk\lib\security\cacerts password: changeit
- Add server certificate in upgrader Java.
cd C:\opt\aptare\upgrade\jre\bin keytool -import -trustcacerts -alias ora_server_cert -file C:\opt\oracle\network\client_wallet\server-cert-db.crt -keystore C:\opt\aptare\upgrade\jre\lib\security\cacerts password: changeit
Step 2: Ensure the Oracle service user has READ access to cwallet.sso file of the server wallet. To provide the permission:
- Right-click on the
cwallet.ssofile of the server wallet and select Properties. - Go to the Security tab and click Edit of the group or user names.
- Click Add, search for Oracle service user, and click OK.
- Select READ permission and click OK.
Step 3: Modify connection URL in portal and receiver property file.
Note:
Host, port, and SERVICE_NAME can be different.
- Stop the portal and agent services.
- Modify database URL in
C:\opt\aptare\portalconf\portal.properties.db.url=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=xx.xx.xx.xx)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=SCDB)))
- Modify database URL in
C:\opt\aptare\datarcvrconf\datrarcvrproperties.xml.<URL>jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=xx.xx.xx.xx)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=SCDB))</URL>
- Start portal and agent service.
On Linux
Step 1: Load oracle server wallet certificate to portal and upgrader Java KeyStore. This step is required only if the wallet certificate is self-signed.
- Login as a root user.
- Add server certificate in portal Java.
cd /user/java/bin keytool -import -trustcacerts -alias ora_server_cert -file /opt/aptare/oracle/network/server_wallet/server-cert-db.crt -keystore /usr/java/lib/security/cacerts password: changeit
- Add server certificate in upgrader Java.
cd C:\opt\aptare\upgrade\jre\bin keytool -import -trustcacerts -alias ora_server_cert -file C:\opt\oracle\network\client_wallet\server-cert-db.crt -keystore C:\opt\aptare\upgrade\jre\lib\security\cacerts password: changeit
Step 2: Modify connection URL in portal and receiver property file.
Note:
Host, port, and SERVICE_NAME can be different.
- Stop the portal and agent services.
/opt/aptare/bin/tomcat-portal stop /opt/aptare/bin/tomcat-agent stop
- Modify database URL in
/opt/aptare/portalconf/portal.properties.db.url=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS) (HOST=xx.xx.xx.xx)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=SCDB)))
- Modify database URL in
/opt/aptare/datarcvrconf/datrarcvrproperties.xml.<URL>jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS) (HOST=xx.xx.xx.xx)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=SCDB))</URL>
- Start portal and agent services.
/opt/aptare/bin/tomcat-portal start /opt/aptare/bin/tomcat-agent start