API Gateway: Enabling SSL Connection for Microsoft SQL Server

Article ID: 236755

Products

CA API Gateway

Issue/Introduction

How do you configure an SSL JDBC connection to Microsoft SQL Server from the Gateway?

Environment

Release: 10.0

Component: API GATEWAY

Resolution

If the Microsoft SQL Server certificate is issued by a trusted CA, no additional configuration is required at the Gateway server level. The Gateway's Java runtime verifies the Microsoft SQL Server certificate against the default CA certificates located in $JAVA_HOME/lib/security/cacerts.

If your Microsoft SQL Server uses a self-signed certificate or a CA that is not trusted by default, you need to import the CA certificates (root and any intermediates) into a Java trust store. Here are the steps to create a trust store on the Gateway:

  • Create the folder "/opt/SecureSpan/truststore" and make sure it has 755 permissions
  • Go to the newly created folder and run this command to create a trust store and import the cert
    • /opt/SecureSpan/JDK/bin/keytool -importcert -alias MSSQLCACert -file <full_path_to_the_CA_cert> -keystore truststore.jks -storepass <password>
    • If you have any intermediate CA certs, repeat the above command for each intermediate cert, using a unique alias for each one
    • Note down the password and keep a record of it, as it is needed to configure the JDBC connection
  • Once the import is done, run this command to verify/read the certs in the trust store
    • /opt/SecureSpan/JDK/bin/keytool -list -v -keystore truststore.jks
    • The output of this command should list all the certs that you imported earlier
  • Change the file permission for truststore.jks
    • chmod 444 truststore.jks
  • Configure the JDBC connection as per the documentation
  • Add the following properties for the trust store
    • Truststore = /opt/SecureSpan/truststore/truststore.jks
    • TrustStorePassword = <password that you used while creating this trust store>
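
To confirm the result of the steps above before configuring the JDBC connection, the following shell functions check the folder and file permissions and look up an imported alias. This is an added example, not part of the original article or the product; the function names and the KEYTOOL and STOREPASS environment variables are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the trust store layout from the steps above.
# Defaults are the article's paths; pass other paths to test elsewhere.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_truststore [DIR] [FILE]
# Returns 0 when DIR is mode 755 and DIR/FILE is a non-empty file with
# mode 444; otherwise prints each finding and returns 1.
audit_truststore() {
    dir=${1:-/opt/SecureSpan/truststore}
    file=${2:-truststore.jks}
    rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    [ -f "$dir/$file" ] || { echo "FAIL: $dir/$file is missing"; return 1; }
    dmode=$(mode_of "$dir")
    fmode=$(mode_of "$dir/$file")
    [ "$dmode" = "755" ] || { echo "FAIL: $dir is mode $dmode, expected 755"; rc=1; }
    [ "$fmode" = "444" ] || { echo "FAIL: $file is mode $fmode, expected 444"; rc=1; }
    [ -s "$dir/$file" ] || { echo "FAIL: $file is empty"; rc=1; }
    return "$rc"
}

# alias_present STORE ALIAS
# Returns 0 if ALIAS is in STORE, 1 if not, 2 if keytool is unavailable.
# KEYTOOL and STOREPASS are environment variables assumed by this example;
# reading the password from the environment (keytool's -storepass:env
# modifier) keeps it out of the process list and shell history.
alias_present() {
    kt=${KEYTOOL:-/opt/SecureSpan/JDK/bin/keytool}
    [ -x "$kt" ] || { echo "SKIP: $kt not executable"; return 2; }
    "$kt" -list -alias "$2" -keystore "$1" -storepass:env STOREPASS >/dev/null 2>&1
}
```

On the Gateway, source the file, run audit_truststore with no arguments, then export STOREPASS and run alias_present /opt/SecureSpan/truststore/truststore.jks MSSQLCACert, repeating for each intermediate alias.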

Here is a sample configuration:

Additional Information

The DataDirect driver documentation has more information on the supported additional parameters. You can read more about this here: https://docs.progress.com/bundle/datadirect-connect-jdbc-51/page/Connection-Properties_8.html
