Configure TCP/IP with SSL/TLS for Sharding – GSM JDBC THIN MODE
(Doc ID 2881420.1)
Last updated on JULY 20, 2024
Applies to:
Oracle Database - Enterprise Edition - Version 19.11.0.0.0 and laterInformation in this document applies to any platform.
Goal
Configuration of TCP/IP with SSL/TLS for Sharding (GSM JDBC THIN MODE)
The GSM interface cli (GDSCTL) uses thin driver (by default) and GSM uses ANO encryption (default) for secure connection.
To implement TLS v1.2, we can't have double encryption stacks, thus, ANO must be disabled.
The below procedure is the workaround by using OCI thick driver.
The document describes how to configure TCP/IP with SSL/TLS where GSM is using the default thin driver.
In some releases, due to known bugs you may need to use the GSM OCI Mode 2881390.1
Native Network Encryption for Sharding Connections
PRI +----------+ +----------+ +----------+ +----------+ +----------+
CDB | gsm1 | | cdbcat | | cdb1 | | cdb2 | | cdb3 |
PDB | | | cat | | sh1 | | sh2 | | sh3 |
HOST | host1 | | host2 | | host3 | | host4 | | host5 |
R:DC1 +----------+ +----------+ +----------+ +----------+ +----------+
| | |
v v v
ADG +----------+ +-----------+ +----------+ +----------+
CDB | gsm2 | | cdb11 | | cdb12 | | cdb13 |
PDB | | | sh1 | | sh2 | | sh3 |
HOST | host6 | | host7 | | host8 | | host9 |
R:DC2 +----------+ +-----------+ +----------+ +----------+
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Configuration of TCP/IP with SSL/TLS for Sharding (GSM JDBC THIN MODE) |
Native Network Encryption for Sharding Connections |
Solution |
Prerequisites and Assumptions |
Setup Wallet and Certificate |
1.Create Wallet on GSM and all hosts |
2.Create wallet on GSM client |
3.Exchange Certificates |
4.Network Configuration |
5.Client Connectivity |
References |