I'm trying to configure an SSL Oracle connection.  I'm running on
CentOS7 (for my DB Server and my Web Server).

Tomcat 7.0.76-6 from the CentOS Repository, httpd 2.4.6-80  from the
CentOS Repository on the Web Server
Oracle 12.2.0.1 on the Database Server

I'm setting up the datasource in my web.xml - the 1521 port connection
works fine.  I changed to 2484 and added the following other parameters
(javax.net.ssl.trustStore parameters):

        <context-param>
                <param-name>type</param-name>
                <param-value>SIMPLE</param-value>
        </context-param>
        <context-param>
                <param-name>datasource</param-name>
                <param-value>mydatasource</param-value>
        </context-param>
        <context-param>
                <param-name>driver</param-name>
                <param-value>oracle.jdbc.OracleDriver</param-value>
        </context-param>
        <context-param>
                <param-name>url</param-name>
                <!--
                <param-value>jdbc:oracle:thin:@myserver.mydomain.com:1521:mydatasource</param-value>
                -->
                <param-value>jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(PORT=2484)(HOST=myserver.mydomain.com))(CONNECT_DATA=(SERVICE_NAME=mydatasource.myserver.mydomain.com)))</param-value>
        </context-param>
        <context-param>
                <param-name>javax.net.ssl.trustStore</param-name>
                <param-value>/usr/share/tomcat/conf/TrustStore.JKS</param-value>
        </context-param>
        <context-param>
                <param-name>javax.net.ssl.trustStoreType</param-name>
                <param-value>JKS</param-value>
        </context-param>
        <context-param>
                <param-name>javax.net.ssl.trustStorePassword</param-name>
                <param-value>mypassword</param-value>
        </context-param>
        <context-param>
                <param-name>username</param-name>
                <param-value>myuser</param-value>
        </context-param>
        <context-param>
                <param-name>mydbpass</param-name>
                <param-value>apso11</param-value>
        </context-param>


It fails with the following error:

May 22 12:12:00 myserver server: Caused by:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target


The TrustStore.JKS is in that directory.

If I move the javax.net.ssl.trustStore parameters to the JAVA_OPTS
line, in the startup, then it works.


JAVA_OPTS="-Xms1024m -Xmx2048m
-Djavax.net.ssl.trustStore=/usr/share/tomcat/conf/TrustStore.JKS
-Djavax.net.ssl.trustStoreType=JKS
-Djavax.net.ssl.trustStorePassword=mypassword"

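Added example, not part of the original post and not Tomcat or Oracle code: a small Python check for the situation described above, where javax.net.ssl.* values placed in web.xml context-params had no effect but the same values in JAVA_OPTS did. It assumes the application does not itself forward context-params to the JDBC driver; the function names and sample input are constructed for illustration, and it also flags -D names that nearly match a JSSE property, since the JVM accepts any -D name silently.

```python
import difflib
import shlex
import xml.etree.ElementTree as ET

# JVM system properties read by the default JSSE key and trust managers.
JSSE_PROPS = (
    "javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword",
    "javax.net.ssl.keyStoreType", "javax.net.ssl.trustStore",
    "javax.net.ssl.trustStorePassword", "javax.net.ssl.trustStoreType",
)

def context_params(web_xml):
    """Return {param-name: param-value} for every <context-param>."""
    local = lambda el: el.tag.rsplit("}", 1)[-1]   # drop any XML namespace
    params = {}
    for el in ET.fromstring(web_xml).iter():
        if local(el) == "context-param":
            kv = {local(c): (c.text or "").strip() for c in el}
            params[kv.get("param-name", "")] = kv.get("param-value", "")
    return params

def jvm_properties(java_opts):
    """Return {name: value} for every -Dname=value token in JAVA_OPTS."""
    pairs = (t[2:].partition("=") for t in shlex.split(java_opts) if t.startswith("-D"))
    return {name: value for name, _, value in pairs}

def audit(web_xml, java_opts):
    """List (kind, property) findings for TLS settings the JVM will not see."""
    ctx, jvm = context_params(web_xml), jvm_properties(java_opts)
    findings = [("context-param-only", p) for p in JSSE_PROPS if p in ctx and p not in jvm]
    for name in jvm:
        if name not in JSSE_PROPS and difflib.get_close_matches(name, JSSE_PROPS, n=1, cutoff=0.9):
            findings.append(("misspelled-jvm-property", name))
    return findings

# Constructed sample input modelled on the post (not the poster's real files).
WEB_XML = """<web-app>
  <context-param><param-name>javax.net.ssl.trustStore</param-name>
    <param-value>/usr/share/tomcat/conf/TrustStore.JKS</param-value></context-param>
  <context-param><param-name>javax.net.ssl.trustStoreType</param-name>
    <param-value>JKS</param-value></context-param>
</web-app>"""
JAVA_OPTS = ("-Xms1024m -Xmx2048m "
             "-Djavax.net.ssl.trustStore=/usr/share/tomcat/conf/TrustStore.JKS "
             "-Djjavax.net.ssl.trustStoreType=JKS")

if __name__ == "__main__":
    for kind, prop in audit(WEB_XML, JAVA_OPTS):
        print(f"{kind}: {prop}")
```

A "context-param-only" finding means the value exists only as a webapp init parameter, which the JVM's default trust manager never consults.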