Configuring IBM App Connect Enterprise to connect to SQL Server with Kerberos and SSL support: Part 3

The following task demonstrates the next steps in enabling SSL support for SQL Server.

Before you begin

You must complete the steps in the previous tasks: Configuring IBM App Connect Enterprise to connect to SQL server: Part 1 and Configuring IBM App Connect Enterprise to connect to SQL server with Kerberos: Part 2. You must have administrator privileges on your SQL Server machine.

About this task

Now that the initial steps are complete, you must log in as an administrator on your SQL Server machine to complete the next set of steps.

The following certificates are needed:
  1. A certificate for the SQL Server.
  2. A certificate for IBM® App Connect Enterprise.
Note: These certificates cannot be self-signed; they must be issued by a trusted authority. If necessary, create a temporary certificate authority for development purposes by using openssl or lightweight CA software. You must ensure that the certificates match the machine names.
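
The note above allows a temporary certificate authority built with openssl. The following script is an added example, not part of the original procedure: it creates such a CA and a server certificate for a given machine name, then checks that the certificate is not self-signed, chains to cacert.pem, and matches the machine name. File names other than cacert.pem, the key size, and the 30-day lifetime are assumptions.

```shell
#!/usr/bin/env bash
# Added example: temporary development CA plus a CA-issued server certificate.
# Only cacert.pem and the host name come from the page; other file names,
# the RSA key size and the 30-day lifetime are assumptions.
make_dev_certs() {                    # $1 = output directory, $2 = server FQDN
  local dir="$1" host="$2"
  mkdir -p "$dir" || return 1
  cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Temporary Development CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
  # 1) Self-signed root (cacert.pem): imported into Trusted Root Certification
  #    Authorities and referenced by TrustStore in odbc.ini.
  # 2) Server key and CSR whose subject CN is the machine name.
  # 3) The CA signs the CSR, adding the SAN and serverAuth extensions.
  openssl req -x509 -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes \
    -sha256 -days 30 -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null &&
  openssl req -new -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$host" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/cacert.pem" \
    -CAkey "$dir/cakey.pem" -CAcreateserial -sha256 -days 30 \
    -extfile "$dir/openssl.cnf" -extensions server -out "$dir/server.pem" 2>/dev/null
}

verify_server_cert() {                # $1 = directory, $2 = expected host name
  local dir="$1" host="$2" subj iss
  subj=$(openssl x509 -in "$dir/server.pem" -noout -subject_hash) || return 1
  iss=$(openssl x509 -in "$dir/server.pem" -noout -issuer_hash) || return 1
  [ "$subj" != "$iss" ] || return 1   # reject self-signed certificates
  # The chain must end at cacert.pem and the name must match the machine name.
  openssl verify -CAfile "$dir/cacert.pem" -purpose sslserver \
    -verify_hostname "$host" "$dir/server.pem" >/dev/null 2>&1
}

# Runs only when CERT_DIR and CERT_HOST are set in the environment.
if [ -n "${CERT_DIR:-}" ] && [ -n "${CERT_HOST:-}" ]; then
  make_dev_certs "$CERT_DIR" "$CERT_HOST" && verify_server_cert "$CERT_DIR" "$CERT_HOST"
fi
```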

Complete the following steps.

Procedure

  1. Open the Microsoft Management Console as an administrator on your SQL Server machine.
  2. Go to File > Add/Remove Snap-in and select Certificates > Computer Account > Local Computer.
  3. Optional: (Complete this step only if you are using a local certificate authority). Expand the Trusted Root Certification Authorities folder.
  4. Optional: (Complete this step only if you are using a local certificate authority). Right-click the open folder and select All Tasks > Import. Browse and select your certificate authority root certificate cacert.pem, and import it to Trusted Root Certification Authorities.
  5. Expand the Personal folder.
  6. Right-click the open folder and select All Tasks > Import. Browse and select the private key and certificate for the server as provided by the certificate authority, and import it to Personal.
  7. Right-click the newly imported sqlserver.domain.company.com certificate, and select All Tasks > Manage Private Keys.
  8. Open the SQL Server Configuration Manager, and select SQL Server Services.
  9. Double-click the SQL Server entry and copy the Account Name.
  10. Switch back to the Microsoft Management Console Certificates dialog and complete the following steps to add the Account Name that you copied in the previous step, searching on the local machine:
    1. Click Add.
    2. Paste the Account Name that you copied in step 9.
    3. Click Check Names.
    4. Click OK.
    5. Enable Full Control for the account on the private keys.
    6. Click OK.
    6. Click OK.
  11. Switch back to the SQL Server Configuration Manager, and expand SQL Server and Network Configuration.
  12. Right-click Protocols for SQLServer, where SQLServer is the name you have used throughout these tasks, and select Properties. Open the Certificate tab.
  13. Select the imported certificate from the drop-down box.
  14. Select the Flags tab, and set Force Encryption to Yes.
  15. Restart the SQL Server from the SQL Services window.
  16. Update the odbc.ini file again to add the following configuration:
    EncryptionMethod=1
    TrustStore=/path/to/certificates/cacert.pem
  17. Rerun the test application.