HCL Commerce Developer

Enabling SSL for database connections in a development environment

As you update your site to be General Data Protection Regulation (GDPR) ready, you may need to take additional steps to encrypt customer data during all communication, both internal and external. Typically, your development environment should not include personal data for your shoppers. If circumstances necessitate the use of personal data in the development environment, encrypt the communication between your servers and your database. To protect any data transfer between a server and your database, you can set up a Secure Sockets Layer (SSL) connection.

By default, data that is communicated between HCL Commerce servers and your database is not encrypted. HCL Commerce only encrypts communication between the Transaction server and Search server and between the Store server and Search server. In rare circumstances, customer information may be used in the development environment for testing and validation purposes. For this reason, encryption of communications with the development environment is an option.

If you need to encrypt the communication, you need to set up the SSL connection for only the following servers, which directly interface with the database:
  • Transaction server
  • Search server
The Customization server and Store server do not communicate directly with the database.

Before you begin

Configure DB2 to use SSL before you switch to the protocol in HCL Commerce.

  1. Configure the database to use SSL. For more information, see Configuring Secure Sockets Layer (SSL) support in a DB2 database.
  2. Extract the certificate that was created in the previous step, and copy it to your HCL Commerce environment. SSL uses the certificate to connect the database to HCL Commerce utilities.

Procedure

Configure the database connection for the Transaction server.
  1. Import the database server certificate for the Transaction server:
    1. Open the WebSphere Application Server administrative console.
    2. Go to Security > SSL certificate and key management > Key stores and certificates > {select a resource} > Signer certificates > Retrieve from port.
    3. Click Retrieve from port.
    4. Enter the host name and security port of the database server.
    5. Type an alias name for the certificate.
    6. Click Retrieve signer information.
    7. Click OK to save the configuration.
  2. Configure the data source to support SSL for the Transaction server.
    1. Select Resources > JDBC > Data sources.
    2. Select WCDataSource in the data source list.
    3. Update the port number in the Common and required data source properties section. Enter the value of the security port that you set in the database server.
    4. Click Apply.
    5. In the Additional Properties section, select Custom properties.
    6. Click New
    7. Enter sslConnection in the Name field, and enter 'true' in the Value field.
    8. Click OK to save the configurations.
  3. Configure the database connection for the Search server.Repeat these steps to configure the database connection for the Search server.
    1. Import the database server certificate for the Search server. See Importing certificates from a local JSON file.
    2. Configure the data source to support SSL on the Search server.
  4. Restart the Test server and the Search server.