Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. IT Analytics Help
  3. Section XVI. System Administration
  4. Appendix G. Configure TLS-enabled Oracle database on IT Analytics Portal and data receiver
  5. Configure TLS in user environment

Configure TLS in user environment

On Windows

Step 1: Load oracle server wallet certificate to portal and upgrader Java KeyStore. This step is required only if the wallet certificate is self-signed.

  1. Add server certificate in portal Java.
    cd C:\opt\jre\bin 
    keytool -import -trustcacerts -alias ora_server_cert -file 
    C:\opt\oracle\network\client_wallet\server-cert-db.crt -keystore 
    C:\opt\jre\lib\security\cacerts 
    cd C:\opt\jdk\bin 
    keytool -import -trustcacerts -alias ora_server_cert -file 
    C:\opt\oracle\network\client_wallet\server-cert-db.crt -keystore 
    C:\opt\jdk\lib\security\cacerts 
    password: changeit
  2. Add server certificate in upgrader Java.
    cd C:\opt\aptare\upgrade\jre\bin 
    
    keytool -import -trustcacerts -alias ora_server_cert -file 
    C:\opt\oracle\network\client_wallet\server-cert-db.crt -keystore 
    C:\opt\aptare\upgrade\jre\lib\security\cacerts 
    password: changeit

Step 2: Ensure the Oracle service user has READ access to cwallet.sso file of the server wallet. To provide the permission:

  1. Right-click on the cwallet.sso file of the server wallet and select Properties.
  2. Go to the Security tab and click Edit of the group or user names.
  3. Click Add, search for Oracle service user, and click OK.
  4. Select READ permission and click OK.

Step 3: Modify connection URL in portal and receiver property file.

Note:

Host, port, and SERVICE_NAME can be different.

  1. Stop the portal and agent services.
  2. Modify database URL in C:\opt\aptare\portalconf\portal.properties.
    db.url=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=xx.xx.xx.xx)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=SCDB)))
  3. Modify database URL in C:\opt\aptare\datarcvrconf\datrarcvrproperties.xml.
    <URL>jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=xx.xx.xx.xx)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=SCDB))</URL>
  4. Start portal and agent service.
On Linux

Step 1: Load oracle server wallet certificate to portal and upgrader Java KeyStore. This step is required only if the wallet certificate is self-signed.

  1. Login as a root user.
  2. Add server certificate in portal Java.
    cd /user/java/bin 
    
    keytool -import -trustcacerts -alias ora_server_cert -file 
    /opt/aptare/oracle/network/server_wallet/server-cert-db.crt -keystore 
    /usr/java/lib/security/cacerts 
    password: changeit 
    
    
  3. Add server certificate in upgrader Java.
    cd C:\opt\aptare\upgrade\jre\bin 
    
    keytool -import -trustcacerts -alias ora_server_cert -file 
    C:\opt\oracle\network\client_wallet\server-cert-db.crt -keystore 
    C:\opt\aptare\upgrade\jre\lib\security\cacerts 
    password: changeit

Step 2: Modify connection URL in portal and receiver property file.

Note:

Host, port, and SERVICE_NAME can be different.

  1. Stop the portal and agent services.
    /opt/aptare/bin/tomcat-portal stop 
    /opt/aptare/bin/tomcat-agent stop
  2. Modify database URL in /opt/aptare/portalconf/portal.properties.
    db.url=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)
    (HOST=xx.xx.xx.xx)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=SCDB)))
  3. Modify database URL in /opt/aptare/datarcvrconf/datrarcvrproperties.xml.
    <URL>jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)
    (HOST=xx.xx.xx.xx)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=SCDB))</URL>
  4. Start portal and agent services.
    /opt/aptare/bin/tomcat-portal start 
    /opt/aptare/bin/tomcat-agent start

Feedback

Was this page helpful?
Previous

Configure TLS in Oracle with IT Analytics on Windows in non-split architecture

Next

Appendix H. IT Analytics for NetBackup on appliances

Feedback

Was this page helpful?