Secure communication with the database server

Technical references : Administration : Server Hardening : Configure SSL connections : Secure communication with the database server

This section describes how to set up a secure communication between the application server and the database server.

You can do so by enabling an encrypted connection for the connection URL of the database server.

Procedure

1. Stop the application server.

2. Open JBoss CLI.

3. To enable encryption in the connection URL, run the following command:

/subsystem=datasources/data-source=PlanonDS/:write-attribute(name=connection-url,value="jdbc:sqlserver://databasehostname.fullyqualifieddomainname\\databaseserverinstancename;encrypt=true;trustServerCertificate=false")

4. Export the database server certificate without its private key to a certificate file.

5. Add the certificate to the client cacerts keystore if needed (for example: self-signed certificate). To do so, use the following command:

You can find the keytool in the following location ...\Server\jdk-*\bin

keytool -cacerts -import -trustcacerts -noprompt -file path\to\your\certificate.crt -alias yourAlias -storepass changeit

You have now set up a secure communication with your database server. You can now safely restart your application server.