Jump to: navigation, search

TLS: Configuring the GAX Database

You must configure your Oracle, Microsoft SQL, or PostgreSQL server to use TLS. Refer to the documentation that came with your database for information on how to use TLS security.

Configuring the GAX Database for TLS (Oracle)

Purpose

  • To enable TLS support for your GAX Oracle database.

Prerequisites

Start

  1. Configure Oracle as described in the related database guides, and configure a TCPS listener.
  2. Set the level of TLS control on the DAP.
    1. In the GAX section of the DAP, create an option that is named tls_mode.
    2. Specify one of the following values for the tls_mode option:
  • off—No TLS will be used.
  • required—If a server does not support TLS, revoke the connection.
  • authentication—GAX will validate the server send-certificate with the local trust store.
  • <option not set>—Same as off.

End

Configuring the GAX Database for TLS (Microsoft SQL Server)

Prerequisites

Start

  1. Configure Microsoft SQL Server as described in the related database guides.
  2. Set the level of TLS control on the DAP.
    1. In the GAX section of the DAP, create an option that is named tls_mode.
    2. Specify one of the following values for the tls_mode option:
  • off—Do not use TLS.
  • request—If the server supports TLS, it is used.
  • required—If the server does not support TLS, the connection is revoked.
  • authentication—GAX validates the server-send certificate against the local trust store.
  • <option not set>—Same as off.
  • Verify that the configured port is identical to the TLS listener port of Microsoft SQL Server
  • Due to an incompatibility between newer versions of Java and the Microsoft SQL Server driver, disable CBC Protection to enable GAX to connect to a Microsoft SQL Server database.
    • For Windows, add the following line to the setenv.bat file:

    set JAVA_OPTS=%JAVA_OPTS% -Djsse.enableCBCProtection=false

    • For Linux, add the following line to the setenv.sh file:

    JAVA_OPTS="$JAVA_OPTS -Djsse.enableCBCProtection=false"

    End

    Configuring the GAX Database for TLS (PostgreSQL)

    Prerequisites

    Start

    1. Configure PostgreSQL as described in the related database guides.
    2. Set the level of TLS control on the DAP.
      1. In the GAX section of the DAP, create an option that is named tls_mode.
      2. Specify one of the following values for the tls_mode option:
    • off—Do not use TLS.
    • required—If the server does not support TLS, the connection is revoked.
    • authentication—GAX validates the server-send certificate with the local trust store.
    • <option not set>—Same as off.

    End

    This page was last edited on July 17, 2020, at 15:55.
    Comments or questions about this documentation? Contact us for support!