Enabling SSL for database connections in runtime environments
As you update your site to be General Data Protection Regulation (GDPR) ready, you may need to take additional steps so that customer data is encrypted during all communication, both internal and external. To help encrypt the communication between your servers and your database, you can set up a Secure Sockets Layer (SSL) connection.
By default, data that is communicated between HCL Commerce servers and your database is not encrypted. HCL Commerce only encrypts communication between the Transaction server and Search server and between the Store server and Search server.
If you need to encrypt all communication, you must set up the SSL connection for the following servers, which directly interface with the database:
- Transaction server
- Search server
- Utility server
Before you begin
Configure IBM Db2 Database to use SSL before you switch to the protocol in HCL Commerce.
- Configure the database to use SSL. For more information, see Configuring Secure Sockets Layer (SSL) support in a DB2 database.
- Extract the certificate that was created in the previous step, and copy it to your HCL Commerce environment. SSL uses the certificate to connect the database to HCL Commerce utilities.
- IBM Db2 supports encryption within the database. See the DB2 version 11 Data encryption page.
Procedure
Transaction server
- Import the database server certificate for the Transaction server.
- Configure the data source to support SSL for the Transaction server.
  Option: In a running Docker container
  - Open the Transaction server Docker container.
  - Run the command
    run update-datasource-db jdbc/WCDataSource dbName dbHost dbSSLPort true
    to update the port and sslConnection settings. For example,
    run update-datasource-db jdbc/WCDataSource mall mydbhostname.com 50001 true
    For more information about the update-datasource-db command and its parameters, see Transaction server Run Engine commands.
  Option: In a custom Docker image
  - In the host server, create a folder that is named tsapp.
  - Following the instructions for Transaction servers in Building custom Docker images for use with an Oracle database, add the parameters to the custConfiguration.sh file to update the port and sslConnection settings. Save the file in the tsapp folder and complete the instructions in Building custom Docker images for use with an Oracle database to build the new containers.
Search server
- Import the database server certificate for the Search server.
- Configure the database connection for the Search server.
  Option: In a running Docker container
  - Open the Search server Docker container.
  - Run the command
    run update-datasource-db jdbc/wcdb dbName dbHost dbSSLPort true
    to update the port and sslConnection. For example,
    run update-datasource-db jdbc/WCDataSource mall mydbhostname.com 50001 true
    For more information about the update-datasource-db command and its parameters, see Search server Run Engine commands.
  Option: In a custom Docker image
  - In the host server, create a folder that is named search.
  - Following the instructions for Search servers in Building custom Docker images for use with an Oracle database, add the parameters to the custConfiguration.sh file to update the port and sslConnection settings. Save the file in the search folder and complete the instructions in Building custom Docker images for use with an Oracle database to build the new containers.
Utility server Docker container
- Enable an SSL connection for the Utility server Docker container.
- Import the SSL certificate to the Java SDK default truststore.
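A check to run once the data sources point at the SSL port, added here as an example (it is not HCL's code): it attempts a TLS handshake with the database port and reports whether the server certificate verifies against the certificate file extracted earlier. The function name and the certificate-file argument are assumptions, as is the premise that the Db2 SSL port expects TLS from the first byte; the default host and port are the ones from the example command above.

```python
import socket
import ssl
import sys


def check_db_tls(host, port, ca_file=None, timeout=5.0):
    """Attempt a TLS handshake with the database port and classify the result.

    Returns (status, detail) where status is one of:
      "verified"         - TLS negotiated and the certificate verified
      "untrusted"        - TLS offered, but certificate verification failed
      "handshake_failed" - the port answered but did not complete TLS
      "unreachable"      - no TCP connection could be made
    """
    # With ca_file set, only that certificate is trusted; the system store
    # is not loaded. Hostname checking stays enabled.
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "verified", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Wrong certificate file, expired certificate, or hostname mismatch.
        return "untrusted", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # For example, the port given is a listener that does not speak TLS.
        return "handshake_failed", str(exc)
    finally:
        raw.close()


if __name__ == "__main__":
    # Host and port default to the page's example values; the third argument
    # is the path to the extracted database certificate in PEM form.
    host = sys.argv[1] if len(sys.argv) > 1 else "mydbhostname.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 50001
    ca = sys.argv[3] if len(sys.argv) > 3 else None
    status, detail = check_db_tls(host, port, ca)
    print(f"{host}:{port} -> {status} ({detail})")
    sys.exit(0 if status == "verified" else 1)
```

Any status other than "verified" means the connection the servers are about to use is either not encrypted or not trusted, so resolve it before restarting the containers.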