Configure secure database access

This section describes how to configure a secure connection from the OpenText Software Delivery Management server to the database server. The secure connection is protected with SSL/TLS for encryption and authentication.

Before you begin

Before you configure a secure database connection, make sure that:

You have the correct connection string for your database. For examples, see Secure connection string formats.
If SSL/TLS is required, trust has been established on the OpenText Software Delivery Management server. For details, see Configure trust on the server.

New installation: Configure a secure connection

Follow these steps to configure a secure database connection during a fresh installation.

After installing OpenText Software Delivery Management, start the server.
In the Database Server step of the setup wizard, select the connection-string option and provide the secure connection string for your database. For syntax details, see Secure connection string formats.

Existing installation: Switch to a secure connection

Follow these steps to switch from an unsecured to a secure database connection for an existing OpenText Software Delivery Management installation.

Note: These steps describe configuring the site schema connection. Skip this section if you have a separate database server for your workspaces and you only want a secure connection to that database.

In the octane.conf file, edit the following settings:
- Linux:/opt/octane/octane.conf
- Windows:C:\Program Files\octane\conf\octane.conf
1. Set the value of site-action to CONNECT_TO_EXISTING:
```
site-action=CONNECT_TO_EXISTING
```
2. Edit the connection-string value to use the secure format. For syntax details, see Secure connection string formats.
Run the service to start the OpenText Software Delivery Management server.
- Linux:systemctl start octane
- Windows: Select Start > OpenText Software Delivery Management > Start OpenText Software Delivery Management Server.

Secure connection string formats

SQL Server

Use the following to define the connection-string for secure SQL Server access.

SQL Server Scenario	Instructions
SSL/TLS is required	Add the encryption method to the end of the ConnectionString value. jdbc:sqlserver://<server>:<port>;encrypt=true;trustServerCertificate=true
SSL without certificate validation	When using SSL, disable validation of the certificate sent by the database server. Add the encryption method to the end of the ConnectionString value, and apply the certificate into the java certs file located under <JAVA_HOME>\jre\lib\security\certs. jdbc:sqlserver://<server>:<port>;encrypt=true;trustServerCertificate=false;trustStore=<Java Certs file>;trustStorePassword=<JKS password>

SQL Server Scenario

Instructions

SSL/TLS is required

Add the encryption method to the end of the ConnectionString value.

jdbc:sqlserver://<server>:<port>;encrypt=true;trustServerCertificate=true

SSL without certificate validation

When using SSL, disable validation of the certificate sent by the database server. Add the encryption method to the end of the ConnectionString value, and apply the certificate into the java certs file located under <JAVA_HOME>\jre\lib\security\certs.

jdbc:sqlserver://<server>:<port>;encrypt=true;trustServerCertificate=false;trustStore=<Java Certs file>;trustStorePassword=<JKS password>

Oracle

Use the following to define the connection-string for secure Oracle database access.

Oracle scenario Instructions

SSL/TLS is required

Oracle scenario	Instructions
SSL/TLS is required	To configure a secure connection from the OpenText Software Delivery Management server to the database server using SSL or SSO, refer to the section Configure site settings. The connection string should include the port defined in the Oracle database as the port for SSL connections. The protocol should be set to TCPS: `connection-string = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<hostname>)(PORT=<ssl port>)) (CONNECT_DATA=(SERVICE_NAME=<ORA_SERVICENAME>)))"`

To configure a secure connection from the OpenText Software Delivery Management server to the database server using SSL or SSO, refer to the section Configure site settings.

The connection string should include the port defined in the Oracle database as the port for SSL connections. The protocol should be set to TCPS:

connection-string = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<hostname>)(PORT=<ssl port>)) (CONNECT_DATA=(SERVICE_NAME=<ORA_SERVICENAME>)))"