If the Microsoft SQL Server is using trusted CA then no additional configuration is required at the Gateway server level. The Gateway Java verifies the Microsoft SQL Server certificate using the default CA certificates located in $JAVA_HOME/lib/security/cacerts.

If your Microsoft SQL Server is using a self-signed certificate or non-default trusted CA, then you need to import the CA (root and other intermediate certs) into a Java trust store. Here are the steps to create a trust store on the Gateway:

• Create a folder as "/opt/SecureSpan/truststore"; make sure this folder has 755 permission
• Go to this newly created folder and run this command to create a trust store and import the cert
  • /opt/SecureSpan/JDK/bin/keytool -importcert -alias MSSQLCACert -file <full_path_to_the_CA_cert> -keystore truststore.jks -storepass <password>
  • If you have any intermediate CA cert(s), then repeat the above command for each intermediate certs with unique alias for each cert
  • Note down the password and keep a record of it as we need it to configure the JDBC connection
• Once the import is done, run this command to verify/read the cert from the trust store
  • /opt/SecureSpan/JDK/bin/keytool -list -v -keystore truststore.jks
  • The output of this commend should list all the certs that you imported earlier
• Change the file permission for truststore.jks
  • chmod 444 truststore.jks
• Configure the JBDC connection as per the documentation
• Add the following properties for the trust store
  • Truststore = /opt/SecureSpan/truststore/truststore.jks
  • TrustStorePassword = <password that you used while creating this trust store>

Here is a sample configuration: