  • 1.  AT-TLS

    Posted Mon September 15, 2025 12:50 PM

    Hi group, I am on z/OS 3.1 and using an in-house Java API that has been created to write data to an Oracle database (19c) that exists on a Red Hat Linux machine (8.9).  This process works great using a URL to the database, which looks like this: INSIGHT.DBURL=jdbc:oracle:thin:@10.100.0.35:1521/iidb, along with passing a userid and password to write to that database.  This is not a secure process at this moment.

    The goal here is to use AT-TLS to make this a secure process.  I have not yet been able to get this to work.  

    We have generated a certificate on the Red Hat Linux machine, we have imported that cert into a RACF keyring, and a policy rule has been created in PAGENT.

    I would like to know if this has been used for this type of processing and if it works.  If there is some documentation on how to set this up, or some pointers on what to do or look for.

    We have tried changing the url to INSIGHT.DBURL=jdbc:oracle:thin:@tcps://10.100.0.35:2484/iidb

    With that, tracing was turned on and we can see that we are getting a nsprecv:header checksum error.  At this point I'm not sure we are headed in the correct direction.  With AT-TLS I was under the impression that once the certs are in place we wouldn't need to change the URLs.

    Any suggestions or documentation would be great or proof this even works as we are trying to do it.

    Jeff



    ------------------------------
    Jeffrey Douglas
    ------------------------------


  • 2.  RE: AT-TLS

    Posted Mon September 15, 2025 02:20 PM

    Hi Jeff,

    I have not configured this for an Oracle connection, but we use AT-TLS for HTTPS connections with z/OS being the client.  What type of cert are you using?  Is it self-signed?  The signing cert must be marked as trusted, and your policy should be set up as an outbound one.  I'm not sure what you mean by changing the URL.  I assume the URL you are using IS a secure port on the Oracle machine.  If not, this would definitely cause an issue.

    Chris



    ------------------------------
    Christopher Parker
    ------------------------------
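
    An outbound AT-TLS policy of the kind the reply above describes, as an added example that is not part of either post. The rule and action names are hypothetical, the keyring owner and ring name are placeholders, and the remote address and port are the ones from the tcps URL quoted in the first post.

```text
# Added example: Policy Agent (PAGENT) AT-TLS policy for a z/OS client
# connecting outbound to the database listener.
# All rule/action names below are hypothetical.

TTLSRule                          OracleOutboundRule
{
  RemoteAddr                      10.100.0.35      # database host from the post
  RemotePortRange                 2484             # port from the tcps URL in the post
  Direction                       Outbound         # z/OS initiates the connection
  Priority                        255
  TTLSGroupActionRef              OracleGroupAct
  TTLSEnvironmentActionRef        OracleEnvAct
}

TTLSGroupAction                   OracleGroupAct
{
  TTLSEnabled                     On               # apply AT-TLS to matching connections
}

TTLSEnvironmentAction             OracleEnvAct
{
  HandshakeRole                   Client           # z/OS is the TLS client
  TTLSKeyringParmsRef             OracleKeyring
  TTLSEnvironmentAdvancedParmsRef OracleAdvParms
}

TTLSKeyringParms                  OracleKeyring
{
  # Placeholder: owning user ID and ring name of the RACF keyring that
  # holds the imported certificate. The signing certificate connected
  # to this ring must be marked as trusted.
  Keyring                         <OWNER>/<RINGNAME>
}

TTLSEnvironmentAdvancedParms      OracleAdvParms
{
  SSLv3                           Off
  TLSv1                           Off
  TLSv1.1                         Off
  TLSv1.2                         On
}
```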