Synchronizer management

Configure trust with a secure database

If your environment includes a secure connection to your ValueEdge and ALM Octane Synchronizer database, you need to establish trust.

Import the certificates from the database to the JAVA_HOME cacerts, as described in the section Configure trust.
In the Synchronizer configuration file, edit the connectionString property as follows.

For Oracle:

Define the connectionString parameter similar to the following:

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=oracle.dbserver.com)(PORT=ssl_port))(CONNECT_DATA=(SERVICE_NAME=your_service_name)))

For MSSQL:

SQL Server Scenario Instructions

SSL/TLS is required

SQL Server Scenario	Instructions
SSL/TLS is required	Add the encryption method to the end of the connectionString value. `jdbc:sqlserver://<server>:<port>;encrypt=true;trustServerCertificate=true`
SSL without certificate validation	When using SSL, disable validation of the certificate sent by the database server. Add the encryption method to the end of the connectionString value, and apply the certificate into the java certs file located under <JAVA_HOME>\jre\lib\security\certs. `jdbc:sqlserver://<server>:<port>;encrypt=true;trustServerCertificate=false;trustStore=<Java Certs file>;trustStorePassword=<JKS password>`

Add the encryption method to the end of the connectionString value.

jdbc:sqlserver://<server>:<port>;encrypt=true;trustServerCertificate=true

SSL without certificate validation

When using SSL, disable validation of the certificate sent by the database server. Add the encryption method to the end of the connectionString value, and apply the certificate into the java certs file located under <JAVA_HOME>\jre\lib\security\certs.

jdbc:sqlserver://<server>:<port>;encrypt=true;trustServerCertificate=false;trustStore=<Java Certs file>;trustStorePassword=<JKS password>

Configure trust

Configure trust on the Synchronizer Service server when you need to connect to any other server over a secure channel.

Obtain the certificate of the root and any intermediate Certificate Authority that issued the remote server certificate.

Import each certificate into the java truststore using a keytool command. For example:

cd $JAVA_HOME/bin

./keytool -import -trustcacerts -alias <CA> -keystore ../jre/lib/security/cacerts -file <path to the CA certificate file>

Configure a secure connection to the Synchronizer service

Prepare a java keystore file with your server certificate, and copy it to the Synchronizer server.

Make sure the user configured to run the Synchronizer service has access rights to this file.
In the sync.yml configuration file fill in the properties httpsPort, keystorePath, and keystorePassword, as described in Synchronizer parameter reference.
Restart the Synchronizer service for the changes to take effect.

If the service does not start, check the wrapper.log file for errors.

To disable https, comment out the httpsPort property in the sync.yml file. and restart the service.

Running the Synchronizer service on OpenJRE

If running OpenJDK is not possible in your environment, you need to reconfigure the Synchronizer service.

Within <sync_install_dir>/wrapper, edit the wrapper-common.conf file.
Add a new line:
```
wrapper.java.additional.<number>=-Dorg.apache.jasper.compiler.disablejsr199=true
```
where <number> is the next line number that is available in the file.

Example:

wrapper.java.additional.43=-Dorg.apache.jasper.compiler.disablejsr199=true
Restart the Synchronizer service.

Uninstall the Synchronizer

From /opt: