Configuring SSL connections between the wire listener and the database server

You can encrypt the connections between the wire listener and the database server with the Secure Sockets Layer (SSL) protocol.

Before you begin

You must have SSL configured for the database server. See Configuring a server instance for secure sockets layer connections.

About this task

The wire listener must use the same public key certificate file as the database server.

Procedure

To configure SSL connections between the wire listener and the database server:
  1. Use the keytool utility that comes with your Java runtime environment to import a client-side keystore database and add the public key certificate to the keystore:
    C:\work>keytool -importcert -file server_keystore_file -keystore client_keystore_name

    The server_keystore_file is the name of the server key certificate file.

  2. Edit the wire listener properties file to update the url property to use the SSL port that you configured for the database server and add the SSLCONNECTION=true property to the end of the URL.
  3. Start the listener with the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties set:
    java -Djavax.net.ssl.trustStore="client_keystore_path" 
    -Djavax.net.ssl.trustStorePassword="password" -jar jsonListener.jar 
    -config jsonListener.properties -logfile jsonListener.log -start

    The client_keystore_path is the full path and file name of the client keystore file. The password is the keystore password.