Enabling SSL for database connections in runtime environments

As you update your site to be General Data Protection Regulation (GDPR) ready, you may need to take additional steps so that customer data is encrypted during all communication, both internal and external. To help encrypt the communication between your servers and your database, you can set up a Secure Sockets Layer (SSL) connection.

By default, data that is communicated between HCL Commerce servers and your database is not encrypted. HCL Commerce only encrypts communication between the Transaction server and Search server and between the Store server and Search server.

If you need to encrypt all communication, you must set up the SSL connection for the following servers, which directly interface with the database:
  • Transaction server
  • Search server (for the Solr-based search solution)
  • Utility server (HCL Commerce Version 9.1.12.0 or later)
  • Search NiFi server (for the Elasticsearch-based search solution; HCL Commerce Version 9.1.12.0 or later)

Before you begin

Configure your IBM Db2 Database to use SSL before you switch to the protocol in HCL Commerce. For more information, see Configuring Secure Sockets Layer (SSL) support in a DB2 database in the IBM Db2 documentation.
Note: IBM Db2 also supports encryption within the database. For more information, see DB2 version 11 Data encryption in the IBM Db2 documentation.

Procedure

  1. Extract the database SSL certificate and include it within your customized Docker images, or store it within Vault.
  2. Enable the database SSL connection configuration within your HCL Commerce environment.
    Update your HCL Commerce deployment to enable SSL communication with the database.
    Set your deployment environment variables, or update your deployment configuration in Vault.
    • Required environment variables:
      DB_SSLENABLE: true
      DBPORT: DbSSLPort
    • Required Vault keypairs:
      Tenant/EnvName/EnvType/dbSSLEnable: true
      Tenant/EnvName/EnvType/dbPort: DbSSLPort
    For more information on setting your deployment configurations, see: .

Results

All HCL Commerce communication with the database is now fully encrypted.
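
To confirm that the port you set as DbSSLPort really negotiates TLS, and that the certificate extracted in step 1 is the one the listener presents, you can probe it from a host that can reach the database. The following script is an added example, not part of the HCL Commerce product or its documentation. It assumes the Db2 SSL port speaks TLS from the first byte of the connection, and the function name, host, and file path are hypothetical.

```python
import socket
import ssl
import sys


def check_db_tls(host, port, ca_file=None, timeout=5.0):
    """Attempt a TLS handshake with the database listener at host:port.

    ca_file: PEM certificate extracted in step 1 (hypothetical path). When
    given, the server certificate must validate against it, hostname included.
    Returns (status, detail); status is one of
    "tls", "untrusted", "not_tls", "unreachable".
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    if ca_file is None:
        # Probe only: confirm TLS is spoken without authenticating the server.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", str(exc))
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("tls", f"{tls.version()} {tls.cipher()[0]}")
    except ssl.SSLCertVerificationError as exc:
        # TLS is spoken, but the certificate does not match ca_file or host.
        return ("untrusted", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # A plaintext listener replies with non-TLS bytes, resets, or times out.
        return ("not_tls", str(exc))
    finally:
        raw.close()


if __name__ == "__main__":
    # Usage: python check_db_tls.py <db-host> <DbSSLPort> [extracted-cert.pem]
    host, port = sys.argv[1], int(sys.argv[2])
    ca = sys.argv[3] if len(sys.argv) > 3 else None
    status, detail = check_db_tls(host, port, ca)
    print(f"{host}:{port} -> {status} ({detail})")
    sys.exit(0 if status == "tls" else 1)
```

A result of "not_tls" on the configured port usually means DBPORT still points at the non-SSL listener; "untrusted" means the certificate packaged in the image or stored in Vault does not match what the database presents.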