SSL support for SQL Proxy beta connections

XTAM supports accepting SSL connections from native Oracle clients as well as support for connections to destination Oracle RDBMS end-points using SSL connections.

This option secures Oracle RDBMS traffic from the native client to SQL Proxy to the destination Oracle RDBMS instance.

In addition to this, the option allows exposing non-SSL traffic from several RDBMS instances through an SSL-enabled channel for outside clients.

To enable SSL for the Oracle connection, include (protocol=tcps) to the address specification of the connection string.

To establish trust between native clients and SQL Proxy, import public proxy certificate found in $XTAM/content/keys/certificate_rdp.cer to the native client key store.

For example, configuration for SQL Developer might include the following procedure:

1
2
3
4
5
keytool -importcert -trustcacerts -file certificate_rdp.cer -keystore chain.jks

AddVMOption -Djavax.net.ssl.trustStore=$STORE_PATH/chain.jks
AddVMOption -Djavax.net.ssl.trustStoreType=JKS
AddVMOption -Djavax.net.ssl.trustStorePassword=changeit