Enabling the database connection encryption for Data Source
Configure the connection to Data Source (BigFix Platform DB2 / MSSQL database) to apply SSL based encryption.
Before you begin
- BigFix Platform DB2 / MSSQL database is configured to enable the connection
encryption.
- MSSQL - For more information on configuring SQL Server Database engine for encrypting connections, refer to https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-sql-server-encryption?view=sql-server-ver16.
- DB2 - For information on IBM TLS configuration process for DB2, refer to https://www.ibm.com/docs/en/db2/11.5?topic=transit-tls-configuration-db2.
- The extracted public trust certificate should be available in 64-bit encoded
.CER format.
DB2:
You can extract the certificate using the below command:
gsk8capicmd_64 -cert -extract -db "<Server Keystore .kdb file>" -pw "<Server Keystore password>" -label "<label name>" -target "<.cer file name>" -format ascii
MS SQL:Export the public certificate in the
.CER Base-64
encodedX.509
format using Certmgr (Manage Computer Certificates).Perform these steps:- Run the Certmgr on Windows system hosting MS SQL database.
- In the left panel of the program, go to .
- In the right panel, right click on the database server certificate and go to .
- Click Next in the window that appears.
- Choose No, do not export the private key and click Next.
- Choose Base-64 encoded X.509 (.CER) format and click Next.
- Select the path name and file name to save the certificate.
- Review specified settings and click on Finish.
- Certificate is exported to the specified location.
About this task
Perform the below steps to enable the encryption Data Source on BigFix Inventory server:
Procedure
-
Create
p12
type TrustStore and import the public certificate into it. - To import any additional certificates from other Data Source databases, you can repeat command from point 1b) using the same keystore file 'keys_bf_db.p12' and password, but different alias.
- Restart BigFix Inventory service.
Results
Important: The hostname entered in Data Sources panel must match the hostname
in certificate for Bigfix Platform database.