
Setting Up an SSL Connection

Use

You can use SSL to encrypt communication between the Java application and the database instance. To do so, you configure the Java runtime environment and adjust the JDBC connection options.

Prerequisites

· You use MaxDB in an SAP System.

· You have configured the MaxDB installation for SSL. See service.sap.com/installNW2004s → SAP NetWeaver 2004s <ABAP | Java> on <operating_system>: MaxDB

· Java 1.4.0 or higher is installed.

· MaxDB 7.6 or higher is installed.

Procedure

If you have received the server certificate from a Certification Authority that is included in the Java runtime environment's list of trusted Certification Authorities, you can begin with step 4.

1. To add the server certificate to the list of trusted certificates, import it into a trust store file using the keytool program from the Java runtime environment.

keytool -import -keystore <TRUSTSTORE> -file <CERTIFICATE>

<TRUSTSTORE> = name of the trust store file

<CERTIFICATE> = name of the file where the certificate of the MaxDB server is stored

2. Enter the password for the trust store file.

3. Adjust the call of the Java application that is to communicate with the database instance using SSL as follows:

-Djavax.net.ssl.trustStore=<TRUSTSTORE> -Djavax.net.ssl.trustStorePassword=<PASSWORD>

<PASSWORD> = password for the trust store file

4. Add the transport=secure option to the connection options. See Specifying Other Connection Options.

To perform tests, you can switch off certain checks for starting the SSL connection by specifying the following connection options.

| Connection option | Description |
|---|---|
| acceptServerCertificateAlways | yes: The certificate of the MaxDB server is not checked against the list of trusted certificates. It is not checked whether the validity period of the certificate has expired. |
| ignoreHostNameInServerCert | yes: The computer name stated in the MaxDB certificate is not checked. no: A check is carried out to determine whether the name of the MaxDB server for which a connection is started and the common name stated in the server certificate are identical. |

Caution

Switch off these checks only for development or testing purposes. Otherwise, the security of the connection to the database instance is not guaranteed or only partially guaranteed.
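A pre-deployment check for the test-only options described above, as an added example that is not part of the original SAP documentation: the function audit_maxdb_url (a hypothetical name) reports when a connection URL omits transport=secure or enables acceptServerCertificateAlways or ignoreHostNameInServerCert. It assumes the options are appended to the JDBC URL as ?name=value&name=value; the host and database names are constructed.

```shell
#!/bin/sh
# Added example (not SAP code): flag MaxDB JDBC URLs that weaken or omit SSL.
# Assumption: options follow the URL as ?name=value&name=value.
# Names and values are compared case-insensitively to err on the strict side.

# Prints one finding per line; prints nothing when the URL is acceptable.
audit_maxdb_url() {
    url=$1
    transport=""
    case $url in
        *\?*) query=${url#*\?} ;;
        *)    query="" ;;
    esac
    old_ifs=$IFS
    IFS='&'
    set -f                       # no filename expansion while splitting
    for pair in $query; do
        lc=$(printf '%s' "$pair" | tr 'A-Z' 'a-z')
        name=${lc%%=*}
        value=${lc#*=}
        case $name in
            transport)
                transport=$value ;;
            acceptservercertificatealways)
                # Server certificate and its validity period are not checked.
                [ "$value" = yes ] && echo "CERT_NOT_VERIFIED" ;;
            ignorehostnameinservercert)
                # Common name in the certificate is not compared to the host.
                [ "$value" = yes ] && echo "HOSTNAME_NOT_VERIFIED" ;;
        esac
    done
    set +f
    IFS=$old_ifs
    # Without transport=secure the connection is not using SSL at all.
    [ "$transport" = secure ] || echo "NO_SSL"
}

# Constructed sample URLs; host and database names are placeholders.
for u in \
    'jdbc:sapdb://dbhost.example/PRD?transport=secure' \
    'jdbc:sapdb://dbhost.example/PRD?transport=secure&acceptServerCertificateAlways=yes' \
    'jdbc:sapdb://dbhost.example/PRD?ignoreHostNameInServerCert=Yes'
do
    findings=$(audit_maxdb_url "$u" | tr '\n' ' ')
    printf '%s\n  -> %s\n' "$u" "${findings:-OK}"
done
```

Run it over the connection URLs in production configuration files and treat any output other than OK as a release blocker.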

 
