Securing connection using TLS for Microsoft SQL Server
You can establish a secure connection between Sterling B2B Integrator and Microsoft SQL Server using TLS V1.1 and 1.2.
- For Microsoft SQL Server, the mapping of TLS versions is given below:

| TLS version | String values for Microsoft SQL |
| --- | --- |
| TLS 1.0 | TLSv1 |
| TLS 1.1 | TLSv1.1 |
| TLS 1.2 | TLSv1.2 |

- TLS 1.0 is the default version and this version is used if no value is specified.
Installing
You can enable the TLS option through IBM Installation Manager using the GUI or a silent response file.
Installing using GUI
Perform the following steps:
- From Database Vendor Selection in the left navigation pane, select SQL Server from Database Vendor.
A new option, Trust Server Certificate appears on the screen. By default, Yes is selected. This option implies that, by default, Sterling B2B Integrator trusts the certificate that Microsoft SQL Server sends during an SQL connection.
- If you select No, this option implies that Sterling B2B Integrator needs to validate the Microsoft SQL Server certificate against the truststore certificate. Specify the following fields:

| Field Name | Description |
| --- | --- |
| Host Name in Certificate | Mandatory. Host name to validate the certificate configured on Microsoft SQL Server for TLS. This value must match the Common Name (CN) or Domain Name Server (DNS) name in the Subject Alternate Name (SAN) in the server certificate for a TLS connection to succeed. |
| Truststore File | Mandatory. File path of the truststore for TLS connection. |
| Truststore Password | Mandatory. Password for the truststore. |
| TLS Version | Mandatory. TLS version to be used for the connection. The default value is 1.0. |

Note: The TLS version setting is independent of the Trust Server Certificate option.
Note: During server authentication, there is a certain degree of slowness due to packet encryption.
- Click Next to continue the installation.
A secure connection is established between Sterling B2B Integrator and the Microsoft SQL Server.
Installing using silent file
- Trust Server Certificate = Yes

| Parameter | Value |
| --- | --- |
| user.sb.trustServerCertificate=true | Optional. Certificate that Microsoft SQL Server sends during an SQL connection. Note: This parameter is mandatory only if you want to use TLS. |
| user.sb.tls_version | Optional. TLS version to be used for the connection. Note: If this parameter is not specified, by default, TLS V1.0 is used. |

- Trust Server Certificate = No (Server authentication required)

| Parameter | Value |
| --- | --- |
| user.sb.trustServerCertificate=false | Mandatory. Certificate to be validated against a truststore key. |
| user.sb.hostNameInCertificate | Mandatory. Host name to validate the certificate configured on Microsoft SQL Server for TLS. |
| user.sb.trustStore | Mandatory. File path of the truststore for TLS connection. |
| user.sb.trustStorePassword | Mandatory. Password for the truststore. |
Upgrading
- Regular upgrade to V6.0.1 - By default, V1.0 is used as the TLS version if no version is specified. You can upgrade using either the GUI or the silent response file.
- Upgrade to V6.0.1 using TLS 1.1 or 1.2
  Note: Make sure to use the latest SQL JDBC driver before you upgrade. For more information, see Configuring the Microsoft SQL Server database.
  Add the following properties to the sandbox.cfg file and run setupfiles.sh for Unix/Linux or setup.cmd for Windows:
  trustServerCertificate=true
  tls_version=TLSv1.2
Enabling SSL data encryption
You can enable data encryption during Sterling B2B Integrator installation using the IIM GUI, Response File, or during an upgrade.
You must set the property trustServerCertificate=false in the sandbox.cfg file.
- Add the following parameters to sandbox.cfg:
  user.sb.trustServerCertificate=false
  user.sb.hostNameInCertificate
  user.sb.trustStore
  user.sb.trustStorePassword
  tls_version=TLSv1.2
- Run setupfiles.sh for Unix/Linux or setup.cmd for Windows.
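The property sets described on this page can be checked before setupfiles.sh or setup.cmd is run. The following Python audit is an added example, not IBM code: the property names and TLS strings come from this page, while the function names, the sample host name, paths and password, and the treatment of an absent trustServerCertificate key as the GUI default (Yes) are assumptions.

```python
# Added example: audit the SQL Server TLS properties described on this page.
TLS_STRINGS = {"TLSv1": "1.0", "TLSv1.1": "1.1", "TLSv1.2": "1.2"}
REQUIRED_WHEN_VALIDATING = ("hostNameInCertificate", "trustStore", "trustStorePassword")

def parse_properties(text):
    """Parse key=value lines; drop the response-file prefix 'user.sb.'."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip().removeprefix("user.sb.")] = value.strip()
    return props

def audit(text):
    """Return a list of findings for the TLS-related properties."""
    props = parse_properties(text)
    findings = []
    # Assumption: an absent key behaves like the GUI default (Yes / true).
    trust = props.get("trustServerCertificate", "true").lower()
    if trust == "true":
        findings.append("trustServerCertificate=true: server certificate is not validated")
    else:
        for key in REQUIRED_WHEN_VALIDATING:
            if not props.get(key):
                findings.append(f"{key} is mandatory when trustServerCertificate=false")
    version = props.get("tls_version")
    if version is None:
        findings.append("tls_version not set: TLS 1.0 is used by default")
    elif version not in TLS_STRINGS:
        findings.append(f"tls_version={version}: not a recognised string value")
    elif version != "TLSv1.2":
        findings.append(f"tls_version={version}: TLS {TLS_STRINGS[version]} is older than TLS 1.2")
    return findings

# Constructed sample inputs (host name, path and password are placeholders).
UPGRADE_SAMPLE = "trustServerCertificate=true\ntls_version=TLSv1.2\n"
VALIDATING_SAMPLE = """user.sb.trustServerCertificate=false
user.sb.hostNameInCertificate=sqlhost.example.com
user.sb.trustStore=/opt/certs/truststore.jks
user.sb.trustStorePassword=changeit
tls_version=TLSv1.2
"""

if __name__ == "__main__":
    for name, sample in (("upgrade", UPGRADE_SAMPLE), ("validating", VALIDATING_SAMPLE)):
        print(name, audit(sample) or "no findings")
```

The upgrade sample is flagged because it encrypts the connection without validating the server certificate; the validating sample passes because all four server-authentication properties and TLSv1.2 are present.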