DEV Community

Arun Kumar for AWS Community Builders

Posted on

1 1

Configure SSL between RDS and Weblogic / DMS endpoint

Background

Need to enable End to End encryption for connectivity between Apps to RDS DB.

On Oracle RDS side

When creating the Oracle instance, configure the Option group SSL setting like below.

1

On weblogic side

  • After connection pool is created, update the below URL field. For example,
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<weblogic-host>)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=DEMOWLST)))
Enter fullscreen mode Exit fullscreen mode
  • In the connection Properties, add the following
user=wlsdbuser
databaseName=DEMOWLST
javax.net.ssl.trustStore=/prod/applc/wls/domain/base_domain/certs/trust.jks
javax.net.ssl.trustStoreType=JKS
javax.net.ssl.trustStorePassword=<password, default to Admin password>
Enter fullscreen mode Exit fullscreen mode

2

Creating trusted JKS/Wallet

  • To extract the RDS cert,
openssl s_client -showcerts -connect "{{ datasource.rdsHostName }}:{{ datasource.rdsSSLPort }}" </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/rds.pem

csplit -z -f tmpRDScert- /tmp/rds.pem '/-----BEGIN CERTIFICATE-----/' '{*}'

cp `ls -1 tmpRDScert-* | tail -1` /tmp/rdsRoot.pem
Enter fullscreen mode Exit fullscreen mode
  • To import the root cert to JKS keystore,
keytool -import -alias rds-rootcert -file /tmp/rdsRoot.pem -keystore /prod/applc/wls/domain/base_domain/certs/trust.jks -storepass {{ domain_password }} -noprompt
Enter fullscreen mode Exit fullscreen mode
  • To import the root cert to Oracle Wallet (DMS endpoint require this),
/prod/applc/wls/oracle_common/bin/orapki wallet create -wallet /tmp/ssl_wallet -auto_login_only
/prod/applc/wls/oracle_common/bin/orapki wallet add -wallet /tmp/ssl_wallet -trusted_cert -cert /tmp/rdsRoot.pem -auto_login_only
Enter fullscreen mode Exit fullscreen mode

For Oracle DMS endpoint, you will need to select rds-oracle-wallet when enabling the SSL with β€œverify-ca” option and point the port to the SSL enabled port.

Do your career a big favor. Join DEV. (The website you're on right now)

It takes one minute, it's free, and is worth it for your career.

Get started

Community matters

Top comments (0)

Best Practices for Running  Container WordPress on AWS (ECS, EFS, RDS, ELB) using CDK cover image

Best Practices for Running Container WordPress on AWS (ECS, EFS, RDS, ELB) using CDK

This post discusses the process of migrating a growing WordPress eShop business to AWS using AWS CDK for an easily scalable, high availability architecture. The detailed structure encompasses several pillars: Compute, Storage, Database, Cache, CDN, DNS, Security, and Backup.

Read full post

πŸ‘‹ Kindness is contagious

Dive into an ocean of knowledge with this thought-provoking post, revered deeply within the supportive DEV Community. Developers of all levels are welcome to join and enhance our collective intelligence.

Saying a simple "thank you" can brighten someone's day. Share your gratitude in the comments below!

On DEV, sharing ideas eases our path and fortifies our community connections. Found this helpful? Sending a quick thanks to the author can be profoundly valued.

Okay