Hello,
it seems you have changed the default Java trust store, so you also need to 
provide its password.

You should provide more info about your requirements:
- server authentication only or client authentication too (mTLS in Oracle 
documentation)?
- which version of ucp/ojdbc are you using (Oracle adds features over time)?

In my experience if you only need server authentication and you are using 
driver version 11.2 or later, the only configuration required is:
- change protocol and port in the URL or tnsnames.ora file
- add the certificate of root (issuer) CA to Java trust store

If you are using a Java version provided by RedHat then adding the certificate 
is as simple as copying the certificate file to 
/usr/share/pki/ca-trust-source/anchors/ and running update-ca-trust [1].
If client authentication (mTLS) is required then you must prepare a wallet and 
add extra jars to your deployment [2].

Roberto

[1] 
https://access.redhat.com/documentation/it-it/red_hat_enterprise_linux/7/html/security_guide/sec-shared-system-certificates
[2] 
https://docs.oracle.com/en/database/oracle/oracle-database/19/jjdbc/client-side-security.html#GUID-2BD2F189-A58C-4A85-8524-CFD9BB9AC575

-----Original Message-----
From: Mark Thomas <ma...@apache.org>
Sent: Friday, 9 February 2024 10:09
To: users@tomcat.apache.org
Subject: Re: Tomcat Instance unable to connect to DB with TCPS


On 09/02/2024 02:54, Kebret, Michael wrote:
> Tomcat version 9.0.83 running on Linux RedHat 7, Java 11.0.20.
>
> When changing the protocol from TCP to TCPS in Catalina.properties and in 
> server.xml we have attribute truststorePassword= (tested with both cleartext 
> and encrypted) password connection is refused to the DB and get the below 
> exceptions.

It isn't clear what configuration you are using. Please provide both the 
non-TLS and TLS configurations.

> However, when we add -Djavax.net.ssl.trustStorePassword=cleartext to
> setenv.sh the connection is made successfully. Wanted to see if anyone
> has faced something similar or have any suggestions on how I can get
> TCPS working without having to use -D option in setenv.sh

My reading of [1] is that the property name is 
"javax.net.ssl.trustStorePassword" whether it is set as a connection property 
or as a system property. You seem to be using a connection property of 
"truststorePassword" which is a Tomcat property for HTTPS connections.

Mark

[1] https://www.oracle.com/docs/tech/wp-oracle-jdbc-thin-ssl.pdf

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
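To make the point of both replies concrete, here is a before/after JNDI Resource definition for a Tomcat server.xml or context.xml. This is an added example and not configuration posted by anyone in this thread; the host name db.example.internal, the service name ORCL, the port 2484, the truststore path /opt/tomcat/conf/db-truststore.p12 and both passwords are placeholders you will replace with your own values.

```xml
<!-- Added example (not from the thread). Host, service, port, truststore path
     and passwords below are placeholders, not values from the original posts. -->

<!-- BEFORE (does not work): truststorePassword is an attribute of an HTTPS
     <Connector>; the JDBC pool has no such property, so nothing about the
     truststore ever reaches the Oracle driver and the TCPS handshake fails. -->
<Resource name="jdbc/appBroken" auth="Container" type="javax.sql.DataSource"
          driverClassName="oracle.jdbc.OracleDriver"
          url="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=db.example.internal)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=ORCL)))"
          username="app" password="app-db-password"
          truststorePassword="changeit"/>

<!-- AFTER: hand the JSSE property names to the driver as connection properties.
     connectionProperties is a semicolon-separated list of name=value pairs
     forwarded to the driver when each pooled connection is opened.
     The truststore holds only the root (issuer) CA of the database certificate.
     oracle.net.ssl_server_dn_match=true asks the driver to check the server
     certificate's DN against the expected server; how that match is performed
     depends on the driver version, so verify it against your ojdbc release. -->
<Resource name="jdbc/app" auth="Container" type="javax.sql.DataSource"
          driverClassName="oracle.jdbc.OracleDriver"
          url="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=db.example.internal)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=ORCL)))"
          username="app" password="app-db-password"
          connectionProperties="javax.net.ssl.trustStore=/opt/tomcat/conf/db-truststore.p12;javax.net.ssl.trustStoreType=PKCS12;javax.net.ssl.trustStorePassword=changeit;oracle.net.ssl_server_dn_match=true"/>
```

Setting these as connection properties keeps the truststore scoped to this datasource, whereas -Djavax.net.ssl.trustStore* in setenv.sh changes the JVM-wide JSSE defaults and therefore affects every other TLS client running in the same Tomcat instance. Either way, keep the truststore file and the configuration containing its password readable only by the Tomcat service account.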