OSP,

On 4/7/2016 8:28 AM, Christopher Schultz wrote:
> OSP,
>
> On 4/7/16 10:08 AM, Linux Support wrote:
>> Greetings all,
>>
>> ===== Server number: 8.0.28.0 OS Name: Linux OS Version:
>> 2.6.32-573.8.1.el6.x86_64 JVM Version: 1.8.0_66-b17 =====
>>
>> Back end database is mariadb residing on another remote linux
>> instance. I have downloaded and copied the Mariadb jdbc driver to
>> the lib directory of the TC server.
>>
>> Can you let me know how to encrypt the database connectivity from
>> the TC instance to the DB instance.
>
> Just to confirm: you want to encrypt the communication channel
> between your application (really the JDBC driver) and the database?
>
> -chris

There appear to be at least two ways of doing this.

1. Build an SSH tunnel between your Tomcat server and DB server

   This requires ssh and remote access to the DB server. You'll also
   want to configure a tunnel to come up when your Tomcat server is
   restarted and resume if the tunnel disconnects. You'll probably want
   to use certificate-based authentication for the SSH tunnel so user
   names and passwords don't have to be entered.

2. Use SSL at the JDBC level

   MariaDB can be configured to use SSL, and the client can be
   configured to use a certificate. I've not done this, but it appears
   that the connection parameters are useSSL=true, requireSSL=true,
   serverSslCert=certpath. certpath appears to be an absolute file path,
   a path relative to the current classpath, or a DER-encoded
   certificate string. You may (most probably) have to install JCE for
   the version of Java that you are using.

Please note that I've not tried any of this. Hopefully, the above
pointers will get you started.

. . . just my two cents
/mde/
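
Added example, not part of the original message and not code from the Tomcat or MariaDB projects: a small Python check that reads a Tomcat context.xml and reports JDBC URLs that do not request TLS or do not pin the server certificate. The parameter names useSSL, requireSSL and serverSslCert are the ones named in the reply above; trustServerCertificate is a MariaDB Connector/J option not mentioned in the thread, and the sample context.xml, host name and certificate path are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample context.xml; host, resource names and paths are placeholders.
# Inside an XML attribute the '&' between URL parameters must be written '&amp;'.
SAMPLE_CONTEXT = """<Context>
  <Resource name="jdbc/plain" type="javax.sql.DataSource"
            driverClassName="org.mariadb.jdbc.Driver"
            url="jdbc:mariadb://db.example.internal:3306/app"/>
  <Resource name="jdbc/unpinned" type="javax.sql.DataSource"
            driverClassName="org.mariadb.jdbc.Driver"
            url="jdbc:mariadb://db.example.internal:3306/app?useSSL=true&amp;trustServerCertificate=true"/>
  <Resource name="jdbc/pinned" type="javax.sql.DataSource"
            driverClassName="org.mariadb.jdbc.Driver"
            url="jdbc:mariadb://db.example.internal:3306/app?useSSL=true&amp;requireSSL=true&amp;serverSslCert=/etc/tomcat/db-ca.pem"/>
</Context>"""

def jdbc_params(url):
    """Return the query parameters of a jdbc:<driver>://host/db?k=v URL as a dict."""
    if not url.startswith("jdbc:"):
        raise ValueError("not a JDBC URL: " + url)
    query = urlsplit(url[len("jdbc:"):]).query
    return {k: v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}

def audit_url(url):
    """List the findings for one JDBC URL; an empty list means nothing to report."""
    p = jdbc_params(url)
    findings = []
    if p.get("useSSL", "").lower() != "true":
        findings.append("useSSL is not true: this URL does not request TLS")
        return findings
    if p.get("trustServerCertificate", "").lower() == "true":
        findings.append("trustServerCertificate=true: server certificate is not validated")
    if not p.get("serverSslCert"):
        findings.append("serverSslCert not set: no server certificate or CA is pinned in the URL")
    return findings

def audit_context(xml_text):
    """Map each Resource name in a context.xml to the findings for its url attribute."""
    root = ET.fromstring(xml_text)
    return {r.get("name"): audit_url(r.get("url"))
            for r in root.iter("Resource") if r.get("url")}

if __name__ == "__main__":
    for name, findings in audit_context(SAMPLE_CONTEXT).items():
        print(name, "->", findings or "ok")
```

The check only inspects configuration; whether a live session is actually encrypted still has to be confirmed on the database side.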