Tomcat 8 and Oracle Wallet

Getting Tomcat 8 to connect over encrypted TCPS to an Oracle Database using Oracle Wallet.

Protecting sensitive data of your customers has always been important.

GDPR suggests applying encryption wherever possible to limit the risks of a data breach.

For a project at a customer, encrypting the connection between a Tomcat application and its Oracle Database server became a requirement.

I have been struggling with setting up Tomcat to use the Oracle Wallet without success.

Many websites and blog posts are outdated, oversimplify the solution, are full of unanswered or unsolved cries for help, or opt to implement the solution in code rather than using JNDI.

No matter what I tried, I was always greeted with the following exception when Tomcat started to initialize the connections:

Caused by: Unable to initialize the key store.
... 41 more
Caused by: SSO not found
... 42 more
Caused by: SSO KeyStore not available
... 43 more

Thanks to a member of the Tomcat User mailing list, I was able to make it work by using the original Java KeyStore that was used to create the Oracle Wallet in the first place.

Here are the steps I took to get Tomcat working with TCPS to the Oracle Database:

  1. Add the following jar files to the lib/ directory of Tomcat:
    ojdbcX.jar (X = relevant major version of Java, e.g. 8)
  2. In ./jre/lib/security/ add the following:
  3. In context.xml:
  • connectionProperties=";;;;;;"
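
As an added illustration (not the author's configuration, whose values are not shown on this page), a JNDI Resource that hands a Java KeyStore to the Oracle thin driver through connectionProperties could look like the following. The resource name, host, port, service name, file paths and passwords are placeholder assumptions.

```xml
<!-- Added example, not the original author's context.xml.
     Every name, path, host and password below is a placeholder. -->
<Context>
  <!-- connectionProperties is a semicolon-separated list of name=value pairs
       that Tomcat's pool passes to the JDBC driver.
       trustStore: JKS holding the CA or server certificate of the database.
       keyStore:   JKS holding the client certificate and key; only needed
                   when the database requires client authentication.
       oracle.net.ssl_server_dn_match=true makes the driver reject a server
       whose certificate DN does not match, so a certificate that merely
       chains to a trusted CA is not enough to accept the connection. -->
  <Resource name="jdbc/ExampleDS"
            auth="Container"
            type="javax.sql.DataSource"
            driverClassName="oracle.jdbc.OracleDriver"
            url="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=db.example.internal)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=EXAMPLE_SVC)))"
            username="APP_USER_PLACEHOLDER"
            password="DB_PASSWORD_PLACEHOLDER"
            connectionProperties="javax.net.ssl.trustStore=/opt/tomcat/conf/example-truststore.jks;javax.net.ssl.trustStoreType=JKS;javax.net.ssl.trustStorePassword=TRUSTSTORE_PASSWORD_PLACEHOLDER;javax.net.ssl.keyStore=/opt/tomcat/conf/example-keystore.jks;javax.net.ssl.keyStoreType=JKS;javax.net.ssl.keyStorePassword=KEYSTORE_PASSWORD_PLACEHOLDER;oracle.net.ssl_server_dn_match=true" />
</Context>
```

With this layout context.xml holds the database and keystore passwords in clear text, so read access to it and to the .jks files should be limited to the account Tomcat runs as.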