Enabling SSL for database connections in runtime environments
As you update your site to be General Data Protection Regulation (GDPR) ready, you may need to take additional steps so that customer data is encrypted during all communication, both internal and external. To help encrypt the communication between your servers and your database, you can set up a Secure Sockets Layer (SSL) connection.
By default, data that is communicated between HCL Commerce servers and your database is not encrypted. HCL Commerce only encrypts communication between the Transaction server and Search server and between the Store server and Search server.
If you need to encrypt all communication, you must set up the SSL connection for the following servers, which directly interface with the database:
- Transaction server
- Search server (for the Solr-based search solution)
- Utility server
- Search NiFi server (for the Elasticsearch-based search solution)
Before you begin
Configure your IBM Db2 Database to use SSL before you switch to the protocol in HCL Commerce. For more information, see Configuring Secure Sockets Layer (SSL) support in a DB2 database in the IBM Db2 documentation.
Note: IBM Db2 also supports encryption within the database. For more information, see the DB2 version 11 Data encryption within the IBM Db2 documentation.
Procedure
- Extract the database SSL certificate and include it within your customized Docker images, or store it within Vault.
  - To manually add certificates to your Docker images, see Managing certificates manually.
  - To add certificates to Vault, see Managing certificates with Vault.
- Enable the database SSL connection configuration within your HCL Commerce environment.
  Update your HCL Commerce deployment to enable SSL communication with the database. Set your deployment environment variables, or update your deployment configuration in Vault.
  - Required environment variables:
    DB_SSLENABLE: true
    DBPORT: DbSSLPort
  - Required Vault keypairs:
    Tenant/EnvName/EnvType/dbSSLEnable: true
    Tenant/EnvName/EnvType/dbPort: DbSSLPort
For more information on setting your deployment configurations, see: .
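A pre-deployment check for the procedure above, as an added example that is not part of the HCL Commerce documentation or product: it flags database-facing servers whose environment lacks `DB_SSLENABLE: true` or whose `DBPORT` is not the SSL port, and includes a handshake probe that trusts only the extracted database certificate. The server labels, function names and port numbers are assumptions made for illustration, and the probe assumes the database SSL port negotiates TLS directly on connect.

```python
import socket
import ssl

# Servers the page lists as connecting directly to the database
# (the short labels are hypothetical, chosen for this example).
DB_FACING = ("transaction", "search", "utility", "search-nifi")


def audit_db_ssl(deployment, ssl_port, plaintext_port):
    """Return findings for DB-facing servers not configured for SSL.

    deployment maps a server label to its environment-variable dict.
    """
    findings = []
    for server in DB_FACING:
        env = deployment.get(server)
        if env is None:
            continue  # not deployed (Solr-based vs Elasticsearch-based search)
        enabled = env.get("DB_SSLENABLE")
        port = env.get("DBPORT")
        if enabled != "true":
            findings.append(f"{server}: DB_SSLENABLE is {enabled!r}, expected 'true'")
        if port == str(plaintext_port):
            findings.append(f"{server}: DBPORT still points at plaintext port {port}")
        elif port != str(ssl_port):
            findings.append(f"{server}: DBPORT is {port!r}, expected {ssl_port}")
    return findings


def probe_db_tls(host, port, ca_file, timeout=5.0):
    """Handshake with the database SSL port, trusting only the certificate in ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)  # cafile given: system CAs not loaded
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()  # raises ssl.SSLError if the port is not TLS or the cert is untrusted


# Constructed sample deployment (Solr-based search, so no NiFi server).
# Port numbers are constructed: 50001 stands in for DbSSLPort, 50000 for the unencrypted port.
SAMPLE = {
    "transaction": {"DB_SSLENABLE": "true", "DBPORT": "50001"},
    "search": {"DB_SSLENABLE": "true", "DBPORT": "50000"},
    "utility": {"DBPORT": "50001"},
}

if __name__ == "__main__":
    for line in audit_db_ssl(SAMPLE, ssl_port=50001, plaintext_port=50000):
        print(line)
```

Run `probe_db_tls` from inside each container after deployment, since a correct environment variable does not by itself prove that the port the server reaches is the encrypted one.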