Securing RTM database communications using SSL

Enabling SSL for RTM ensures that all data communications between the web server and the database, and between the RTM Data Collectors and the database, are secured using OpenSSL encryption. Although this provides tighter security, it does affect core performance on both the RTM Data Collector hosts and the database. If you are concerned about the performance impact of this change, contact IBM Support before taking these steps.

You can generally perform this change without interrupting service. However, it does require restarting MySQL/MariaDB and the RTM Data Collectors multiple times throughout the process.

The major steps in enabling SSL for RTM are:
  1. Configure a default ‘root’ password for MySQL/MariaDB.
  2. Generate new Self-Signed Certificate files.
  3. Enable SSL for MySQL/MariaDB.
  4. Enable Remote Connections.
  5. Modify the RTM Website to use the Self-Signed Certificates.
  6. Modify the RTM Data Collectors to use the Self-Signed Certificates.
  7. Modify the Spine configuration to use the Self-Signed Certificates.
  8. Optionally disable non-SSL communications, if required.

Actual steps may differ depending on your OS distribution, but the following procedures should generally apply.

The first step of the setup allows both SSL and non-SSL connections. The final step disables non-SSL connections at your discretion.
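
The two states described above, shown as an added server configuration sketch (an illustration, not taken from the IBM procedure). The file location and certificate paths are placeholders, and require_secure_transport assumes MySQL 5.7.8 or later, or MariaDB 10.5.2 or later.

```ini
# Example MySQL/MariaDB server option file (placeholder location: /etc/my.cnf)

[mysqld]
# --- SSL enabled, non-SSL still accepted (state after step 3) ---
# With only these three options set, the server offers SSL to clients
# that ask for it but continues to accept unencrypted connections.
# That is what lets the RTM website, Data Collectors and Spine be
# switched over one at a time in steps 5 to 7.
ssl-ca   = /path/to/certs/ca.pem            # placeholder: CA certificate
ssl-cert = /path/to/certs/server-cert.pem   # placeholder: server certificate
ssl-key  = /path/to/certs/server-key.pem    # placeholder: server private key

# --- Non-SSL disabled (optional step 8) ---
# Uncomment only after every client has been confirmed to connect
# over SSL. Once this is ON, TCP clients that do not negotiate SSL
# are rejected at connect time.
# require_secure_transport = ON
```

Before enabling the final line, run `SHOW SESSION STATUS LIKE 'Ssl_cipher';` in a session opened with each client's settings: a non-empty value means that session is encrypted, and an empty value means it would be cut off once non-SSL connections are disabled.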