After you install or upgrade Dynamic Data Masking, you can enable SSL communication. The upgrade and installation processes do not automatically configure Dynamic Data Masking for SSL communication. However, an installation or upgrade does prepare Dynamic Data Masking for SSL communication.
After upgrade or installation, the Dynamic Data Masking Server generates a self-signed certificate in the file
cfg/ddm.jceks
. By default, the Dynamic Data Masking Server is not configured with keystores and key strategies. The Dynamic Data Masking Server uses the automatically generated self-signed certificate to perform the SSL handshake.
The Dynamic Data Masking administration tools, for example the Management Console and command line tools, are not pre-configured with truststores and trust strategies. By default, when SSL is enabled, the administration tools accept any server certificates without SSL authentication of the certificate.