Securing connection using TLS for Microsoft SQL Server

You can establish a secure connection between Sterling B2B Integrator and Microsoft SQL Server using TLS V1.1 and 1.2.

The system provides support during installation and runtime.
Note:
  • For Microsoft SQL Server, the mapping of TLS versions is given below:
    TLS version | String value for Microsoft SQL
    TLS 1.0 | TLSv1
    TLS 1.1 | TLSv1.1
    TLS 1.2 | TLSv1.2
  • TLS 1.0 is the default version and this version is used if no value is specified.

Installing

You can enable the TLS option through IBM Installation Manager using the GUI or a silent response file.

Installing using GUI

Perform the following steps:

  1. From Database Vendor Selection in the left navigation pane, select SQL Server from Database Vendor.

    A new option, Trust Server Certificate, appears on the screen. By default, Yes is selected. With Yes selected, Sterling B2B Integrator trusts the certificate that Microsoft SQL Server sends during an SQL connection.

  2. If you select No, Sterling B2B Integrator validates the Microsoft SQL Server certificate against the truststore certificate.
    Specify the following fields:
    Field Name | Description
    Host Name in Certificate | Mandatory. Host name to validate the certificate configured on Microsoft SQL Server for TLS. This value must match the Common Name (CN) or the Domain Name System (DNS) name in the Subject Alternative Name (SAN) in the server certificate for a TLS connection to succeed.
    Truststore File | Mandatory. File path of the truststore for TLS connection.
    Truststore Password | Mandatory. Password for the truststore.
    TLS Version | Mandatory. TLS version to be used for the connection. The default value is 1.0.
    Note: The TLS version setting is independent of the Trust Server Certificate option.
    Note: During server authentication, there is a certain degree of slowness due to packet encryption.
  3. Click Next to continue the installation.

    A secure connection is established between Sterling B2B Integrator and the Microsoft SQL Server.

Installing using silent file

Add the following parameters to the response file:
  • Trust Server Certificate = Yes
    Parameter | Value
    user.sb.trustServerCertificate=true | Optional. Sterling B2B Integrator trusts the certificate that Microsoft SQL Server sends during an SQL connection. Note: This parameter is mandatory only if you want to use TLS.
    user.sb.tls_version | Optional. TLS version to be used for the connection. Note: If this parameter is not specified, by default, TLS V1.0 is used.
  • Trust Server Certificate = No (Server authentication required)
    Parameter | Value
    user.sb.trustServerCertificate=false | Mandatory. The Microsoft SQL Server certificate is validated against the truststore certificate.
    user.sb.hostNameInCertificate | Mandatory. Host name to validate the certificate configured on Microsoft SQL Server for TLS.
    user.sb.trustStore | Mandatory. File path of the truststore for TLS connection.
    user.sb.trustStorePassword | Mandatory. Password for the truststore.

Upgrading

Scenarios for upgrade:
  • Regular upgrade to V6.0.1 - By default, V1.0 is used as the TLS version if no version is specified. You can upgrade using either the GUI or the silent response file.
  • Upgrade to V6.0.1 using TLS 1.1 or 1.2 -
    Note: Make sure to use the latest SQL JDBC driver before you upgrade. For more information, see Configuring the Microsoft SQL Server database.

    Add the following properties to the sandbox.cfg file and run setupfiles.sh for Unix/Linux or setup.cmd for Windows:

    • trustServerCertificate=true
    • tls_version=TLSv1.2
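
A check of the parameters from the silent-file and upgrade sections, as an added example that is not IBM's code: it reads key=value text and flags settings that leave the connection on TLS 1.0 or accept the server certificate without truststore validation. It assumes the `user.sb.` names and the sandbox.cfg names differ only by that prefix and that `tls_version` takes the string values from the mapping above; the sample inputs are constructed.

```python
PREFIX = "user.sb."  # assumption: response-file and sandbox.cfg names differ only by this prefix
REQUIRED_IF_VALIDATING = ("hostNameInCertificate", "trustStore", "trustStorePassword")
TLS_STRINGS = ("TLSv1", "TLSv1.1", "TLSv1.2")  # string values from the mapping on this page


def parse_properties(text):
    """Parse key=value lines into a dict, skipping blanks and # comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        props[key[len(PREFIX):] if key.startswith(PREFIX) else key] = value
    return props


def audit_tls_settings(text):
    """Return findings for the TLS parameters; an empty list means nothing to flag."""
    props = parse_properties(text)
    findings = []
    trust = props.get("trustServerCertificate", "").lower()
    if trust == "true":
        findings.append("trustServerCertificate=true: certificate accepted without truststore validation")
    elif trust == "false":
        for name in REQUIRED_IF_VALIDATING:
            if not props.get(name):
                findings.append(f"{name} is mandatory when trustServerCertificate=false")
    else:
        findings.append("trustServerCertificate is missing or not true/false")
    version = props.get("tls_version")
    if not version:
        findings.append("tls_version not set: TLS 1.0 is used by default")
    elif version not in TLS_STRINGS:
        findings.append(f"tls_version={version} is not a string value listed for Microsoft SQL")
    elif version == "TLSv1":
        findings.append("tls_version=TLSv1 selects TLS 1.0")
    return findings


# Constructed sample inputs, not taken from a real installation.
SAMPLE_DEFAULTS = "user.sb.trustServerCertificate=true\n"
SAMPLE_VALIDATING = """\
user.sb.trustServerCertificate=false
user.sb.hostNameInCertificate=sqlserver.example.com
user.sb.trustStore=/opt/si/truststore.jks
user.sb.trustStorePassword=constructed-placeholder
user.sb.tls_version=TLSv1.2
"""
```

Calling `audit_tls_settings(SAMPLE_DEFAULTS)` returns two findings (certificate accepted without validation, TLS 1.0 by default), while `audit_tls_settings(SAMPLE_VALIDATING)` returns an empty list.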