Creating secrets to protect sensitive Microsoft SQL Server SSL configuration data

If you plan to use SSL for your Microsoft SQL Server database, create a secret manually to protect the certificate data for the database.

About this task

The steps for creating the secret vary depending on whether your database enables server only or both server and client authentication.

Procedure

  1. Obtain the certificate file, tls.crt, from your database server.
  2. Create the certificate secret for your database server by running a command like the following example:
    kubectl create secret generic <ibm-mssql-ssl-secret> --from-file=tls.crt=<your-mssql-certification-name>.crt
    Note: Multiple certificates are supported in crt file.

What to do next

Use the name of your secret to create the configuration for an SSL database connection when you complete your CR YAML file.
The following values specify the SSL database configuration and provide the name of the SSL secret that you created:
dc_ssl_enabled: true
database_ssl_secret_name: "<db ssl secret name>"
For example, for the relevant data source for your FileNet Content Manager deployment, your CR might look like the following sample snip:

datasource_configuration:
    dc_ssl_enabled: true
    dc_gcd_datasource:
      dc_database_type: "sqlserver"
      ...
      database_ssl_secret_name: "ibm-mssql-ssl-secret"
    dc_os_datasources:
    - dc_database_type: "sqlserver"
      ...
      database_ssl_secret_name: "ibm-mssql-ssl-secret"

Also, remember to add the database username and password to the ibm-fncm-secret.