AS_User Honored Contributor.

SSL JDBC TB FlexConnector

Hi,

I am trying to create a flexconnector to query a postgres sql DB which requires SSL to establish the connection.

Does anyone know the process for connecting via SSL? I presume I need to import the certificate into the connector keystore (which I can do) and then somehow instruct the connector to use SSL in the connection string? I've tried the following with no success: jdbc:postgresql://host:port/database;ssl=true

Thanks, Tom

5 Replies
jring1 Frequent Contributor.

Re: SSL JDBC TB FlexConnector

Hi,

assuming the driver gets loaded correctly etc, have you tried adding &loglevel=2 for debug output to the connection string?

Or maybe &sslfactory=org.postgresql.ssl.NonValidatingFactory (for testing only - THIS IS A SECURITY HOLE!) to rule out stuff like non-matching hostname and cert CN (the hostname in the connection string must exactly match the certificate CN or one of the subject alternate name DNS entries).

Joachim

mustapha_arakji Outstanding Contributor.

Re: SSL JDBC TB FlexConnector

Did you find a solution for this one? I have oracle database with SSL connection requirements.

Mustapha
Micro Focus Expert

Re: SSL JDBC TB FlexConnector

If it's the Oracle AuditDB, then during initial setup of the connector (or runagentsetup if it's already installed), you can tick "SSL Connection". This requires you to have a jks or pkcs12 formatted certificate, which you will need to fill in for the rest of the information (truststore path, truststore password etc). This should be the root/intermediate certificate used to sign the certificate the database is using.

The connector documentation both for specific oracle products and the flexconnector developer guide includes the information on how to configure SSL:

https://community.softwaregrp.com/t5/ArcSight-Connectors/tkb-p/connector-documentation

-----------------------------------------------------------------------------------------
All topics and replies made are based on my personal opinion, viewpoint and experience; they do not represent the viewpoints of MicroFocus.
All replies are based on best effort, and cannot be taken as official support replies.
//Marius
mustapha_arakji Outstanding Contributor.

Re: SSL JDBC TB FlexConnector

Hi Marius,

For flex installation, you don't have the option to select SSL during connector installation. This option is only in Oracle DB smart connector. But with the help of a friend I was able to find my way out. You will need to specify "TCPS" in the JDBC URL, something like this:

agent.properties:

agents[0].databases[0].url=jdbc\:oracle\:thin\:@(DESCRIPTION\=(ADDRESS\=(PROTOCOL\= TCPS)(HOST\=myhostname)(PORT\=1234))(CONNECT_DATA\=(SERVICE_NAME\=myServiceName)))

Then you will need to install the certificate into the JVM, using the keytool.

Though this will remediate the certificate issue, I still couldn't connect. I tried to force the connection to use TLSv1.2, but in the logs, it doesn't seem to even try, and it's stuck in TLSv1.

In my agent.out.wrapper.log, I always see this one:

"*** ClientHello, TLSv1"

Anyone?

Mustapha
mustapha_arakji Outstanding Contributor.

Re: SSL JDBC TB FlexConnector

I ended up enabling TLS through "agent.wrapper.conf"

Something similar to:

wrapper.java.additional.11=-Doracle.net.ssl_version=1.2
wrapper.java.additional.12=-Doracle.net.ssl_cipher_suites=TLS_RSA_WITH_AES_256_CBC_SHA256
wrapper.java.additional.13=-Doracle.net.ssl_server_dn_match=TRUE
wrapper.java.additional.14=-Djavax.net.ssl.keyStore=/my_path/my_keystore.jks
wrapper.java.additional.15=-Djavax.net.ssl.keyStoreType=JKS
wrapper.java.additional.16=-Djavax.net.ssl.keyStorePassword=my_pass

Mustapha
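
An added example, not part of any post above and not ArcSight's own tooling: a small Python check that flags the TLS pitfalls discussed in this thread in a JDBC URL and in agent.wrapper.conf options. The function names and sample values are constructed for illustration; the PostgreSQL rules assume the driver's `?key=value&key=value` URL parameter syntax and its `sslmode` values.

```python
import re

WEAK_FACTORY = "org.postgresql.ssl.NonValidatingFactory"
PG_TLS_MODES = {"require", "verify-ca", "verify-full"}

def unescape(value):
    """Undo the backslash escaping of ':' and '=' used in .properties values."""
    return re.sub(r"\\([:=])", r"\1", value)

def audit_url(url):
    """Return findings for one JDBC URL (PostgreSQL or Oracle thin)."""
    url, findings = unescape(url), []
    if url.startswith("jdbc:postgresql:"):
        base, _, query = url.partition("?")
        params = dict(p.partition("=")[::2] for p in query.split("&") if p)
        if ";" in base:  # ';ssl=true' ends up in the database name
            findings.append("pg: ';' is not a parameter separator, use ?k=v&k=v")
        if "ssl" not in params and params.get("sslmode") not in PG_TLS_MODES:
            findings.append("pg: TLS not requested")
        if params.get("sslfactory") == WEAK_FACTORY:
            findings.append("pg: NonValidatingFactory disables certificate checks")
    elif url.startswith("jdbc:oracle:thin:"):
        proto = re.search(r"PROTOCOL\s*=\s*(\w+)", url, re.I)
        if not proto or proto.group(1).upper() != "TCPS":
            findings.append("oracle: PROTOCOL is not TCPS")
    return findings

def audit_wrapper(conf_text):
    """Return findings for the -D options found in agent.wrapper.conf text."""
    props = dict(re.findall(r"=-D([\w.]+)=(\S+)", conf_text))
    findings = []
    if props.get("oracle.net.ssl_server_dn_match", "").upper() != "TRUE":
        findings.append("wrapper: ssl_server_dn_match is not TRUE")
    if props.get("oracle.net.ssl_version") != "1.2":  # value used in the thread
        findings.append("wrapper: ssl_version is not pinned to 1.2")
    if "javax.net.ssl.keyStorePassword" in props:
        findings.append("wrapper: keystore password in clear text, restrict file access")
    return findings

# Constructed samples modelled on the settings quoted in the thread.
SAMPLE_URLS = [
    "jdbc:postgresql://host:5432/database;ssl=true",
    "jdbc:postgresql://host:5432/database?ssl=true&sslfactory=" + WEAK_FACTORY,
    r"jdbc\:oracle\:thin\:@(DESCRIPTION\=(ADDRESS\=(PROTOCOL\= TCPS)(HOST\=myhostname)(PORT\=1234)))",
]
SAMPLE_WRAPPER = ("wrapper.java.additional.11=-Doracle.net.ssl_version=1.2\n"
                  "wrapper.java.additional.13=-Doracle.net.ssl_server_dn_match=FALSE\n")
if __name__ == "__main__":
    print([audit_url(u) for u in SAMPLE_URLS], audit_wrapper(SAMPLE_WRAPPER))
```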