TLS: Configuring the GAX Database
Contents
You must configure your Oracle, Microsoft SQL 2008 R2, or PostgreSQL server to use TLS. Refer to the documentation that came with your database for information on how to use TLS security.
Configuring the GAX Database for TLS (Oracle)
Purpose
- To enable TLS support for your GAX Oracle database.
Prerequisites
Start
- Configure Oracle as described in the related database guides, and configure a TCPS listener.
- Set the level of TLS control on the DAP.
- In the GAX section of the DAP, create an option that is named tls_mode.
- Specify one of the following values for the tls_mode option:
- off—No TLS will be used.
- required—If a server does not support TLS, revoke the connection.
- authentication—GAX will validate the server send-certificate with the local trust store.
- <option not set>—Same as off.
End
Configuring the GAX Database for TLS (Microsoft SQL Server 2008)
Prerequisites
- Setting up the Genesys Administrator database (for Microsoft SQL Server).
- Ensure that you are using the latest JTDS driver (1.2.5 or later).
Start
- Configure Microsoft SQL Server as described in the related database guides.
- Set the level of TLS control on the DAP.
- In the GAX section of the DAP, create an option that is named tls_mode.
- Specify one of the following values for the tls_mode option:
- off—Do not use TLS.
- request—If the server supports TLS, it is used.
- required—If the server does not support TLS, the connection is revoked.
- authentication—GAX validates the server-send certificate against the local trust store.
- <option not set>—Same as off.
- For Windows, add the following line to the setenv.bat file:
set JAVA_OPTS=%JAVA_OPTS% -Djsse.enableCBCProtection=false
- For Linux, add the following line to the setenv.sh file:
JAVA_OPTS="$JAVA_OPTS -Djsse.enableCBCProtection=false"
End
Configuring the GAX Database for TLS (PostgreSQL)
Note: This procedure applies only to GAX 8.1.310 releases or higher. |
Prerequisites
Start
- Configure PostgreSQL as described in the related database guides.
- Set the level of TLS control on the DAP.
- In the GAX section of the DAP, create an option that is named tls_mode.
- Specify one of the following values for the tls_mode option:
- off—Do not use TLS.
- required—If the server does not support TLS, the connection is revoked.
- authentication—GAX validates the server-send certificate with the local trust store.
- <option not set>—Same as off.
End
This page was last edited on July 17, 2020, at 15:55.
Comments or questions about this documentation? Contact us for support!