Protecting sensitive data of your customers has always been important.
GDPR suggests applying encryption wherever possible to limit the risks of a data breach.
For a project at a customer, encrypting the connection between a Tomcat application and its Oracle Database server became a requirement.
I have been struggling with setting up Tomcat to use the Oracle Wallet without success.
Many websites and blog posts are outdated, oversimplify the solution, are full of unanswered or unsolved cries for help, or opt to implement the solution in code rather than using JNDI.
No matter what I tried, I was always greeted with the following exception when Tomcat started to initialize the connections:
Caused by: oracle.net.ns.NetException: Unable to initialize the key store.
... 41 more
Caused by: java.security.KeyStoreException: SSO not found
... 42 more
Caused by: java.security.NoSuchAlgorithmException: SSO KeyStore not available
... 43 more
Thanks to a member of the Tomcat User mailing list, I was able to make it work by using the original Java KeyStore which was used for creating the Oracle Wallet in the first place.
Here are the steps I took to get Tomcat working with TCPS to the Oracle Database:
- Add the following jar files to Tomcat's lib/ directory:
ojdbcX.jar (X = relevant major version of Java, e.g. 8)
- In ./jre/lib/security/java.security add the following:
- In context.xml:
- url="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=)(PORT=2484)))(CONNECT_DATA=(SERVICE_NAME=< SERVICE NAME >)))"
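
A JNDI resource that points the Oracle thin driver at a Java KeyStore instead of an SSO wallet could look like the following. This is an added example, not the author's actual context.xml: the resource name, host, user, file path and passwords are placeholders, and it assumes server-authenticated TLS only, with the keystore used as a truststore.

```xml
<!-- Added example, not the author's file.
     jdbc/AppDS, db.example.com, APP_USER, the keystore path and both
     passwords are placeholders to replace with your own values. -->
<Context>
  <Resource name="jdbc/AppDS"
            auth="Container"
            type="javax.sql.DataSource"
            driverClassName="oracle.jdbc.OracleDriver"
            url="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=db.example.com)(PORT=2484)))(CONNECT_DATA=(SERVICE_NAME=SERVICE_NAME_PLACEHOLDER)))"
            username="APP_USER"
            password="CHANGE_ME"
            connectionProperties="javax.net.ssl.trustStore=/path/to/truststore.jks;javax.net.ssl.trustStoreType=JKS;javax.net.ssl.trustStorePassword=CHANGE_ME;oracle.net.ssl_server_dn_match=true" />
</Context>
```

With `trustStoreType=JKS` the driver loads the store through the JDK's built-in JKS provider, so the `SSO` keystore type from the exception above is never requested. If the listener also requires client authentication, the matching `javax.net.ssl.keyStore`, `javax.net.ssl.keyStoreType` and `javax.net.ssl.keyStorePassword` properties go in the same semicolon-separated list.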