Enable SSL Certificate in SQLi
This article includes the steps required to enable TLS/SSL security for SQLi connections for Incorta versions 4.4.1 and later.
To enable SSL security for SQLi connections, you will need to:
- Generate a self-signed certificate.
- Convert your certificate to JKS.
- Enable SSL for SQLi in Incorta.
- Enable SSL on the client side.
The example below uses a self-signed certificate. However, self-signed certificates should not be used in production environments and are recommended for use only in development and testing phases.
Choose the following parameters for Java’s keytool:
- alias: name assigned to the certificate.
- keystore: path to the new keystore.
- password: password to the keystore.
Run the following command:
```
keytool -genkey -keyalg RSA -alias <alias> -keystore <keystore> -storepass <password> -validity 360 -keysize 2048
```
Here’s a sample output for a server named www.mysite.com:
```
$ keytool -genkey -keyalg RSA -alias incorta_selfsigned -keystore /home/incorta/keystore.jks -storepass password -validity 360 -keysize 2048
What is your first and last name?
  [Unknown]: mysite
What is the name of your organizational unit?
  [Unknown]: mysite
What is the name of your organization?
  [Unknown]: mysite
What is the name of your City or Locality?
  [Unknown]: cairo
What is the name of your State or Province?
  [Unknown]: cairo
What is the two-letter country code for this unit?
  [Unknown]: EG
Is CN=mysite, OU=mysite, O=mysite, L=cairo, ST=cairo, C=EG correct?
  [no]: yes
Enter key password for <incorta_selfsigned>
  (RETURN if same as keystore password):
$ ls -ltr /home/incorta/keystore.jks
-rw-rw-r--. 1 incorta incorta 2235 Jan 4 11:51 /home/incorta/keystore.jks
```
Check with your SSL provider on how to convert the certificate to JKS format. See DigiCert’s instructions for an example.
(If you are using a self-signed certificate, you can skip this step.)
Open the configuration page.
- For Incorta versions 4.4.X or earlier: Configurations are located in the Incorta Login Admin page.
- For Incorta versions 4.5 and later: Configurations are located in the CMC.
- From the System Configuration tab, select Server Configs then SQL Interface.
- Toggle the option to Enable SSL for SQL interface ports.
- Enter the path of the JKS file created earlier in the SSL certificate (JKS) path used for SQL interface field.
- Enter the passphrase or password for that JKS file in the SSL certificate (JKS) passphrase used for the SQL interface field.
- Click Save.
- Enable SSL in your client or BI tools by setting SSL Mode to either prefer or require.
If you are using a self-signed certificate, the BI tools will reject the certificate as untrusted. To continue, you will have to import the JKS at the client side as a trusted certificate.
- Convert the JKS file to a known format. See Oracle’s instructions for an example.
- Import the certificate. In Windows, you can search for “Manage computer certificates”, then import the certificate.
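One way to confirm that the Enable SSL toggle took effect, and to see how the two client SSL modes differ when it did not (an added example, not Incorta's code). It assumes the SQL interface speaks the PostgreSQL wire protocol, which the `prefer`/`require` modes suggest but this page does not state; `probe_ssl`, `client_outcome` and `stub_server` are hypothetical names, and the stub server is a constructed stand-in for the real port.

```python
import socket
import struct
import threading

# PostgreSQL-protocol SSLRequest: int32 length 8, int32 code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def probe_ssl(host, port, timeout=5.0):
    """Send SSLRequest; return 'S' (TLS offered), 'N' (TLS off) or '' (closed)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(SSL_REQUEST)
        return sock.recv(1).decode("latin-1")


def client_outcome(reply, sslmode):
    """Model (assumed libpq-style) of how a client treats the reply per mode."""
    if sslmode not in ("prefer", "require"):
        raise ValueError("only 'prefer' and 'require' are modelled")
    if reply == "S":
        return "encrypted"
    if reply == "N":
        # prefer silently retries without TLS; require aborts the connection.
        return "plaintext" if sslmode == "prefer" else "refused"
    return "error"


def stub_server(reply):
    """Constructed local stand-in for the SQL interface port; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if conn.recv(8) == SSL_REQUEST:
                conn.sendall(reply)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    for label, reply in (("SSL toggle on", b"S"), ("SSL toggle off", b"N")):
        answer = probe_ssl("127.0.0.1", stub_server(reply))
        for mode in ("prefer", "require"):
            print(f"{label}: reply={answer!r} sslmode={mode} -> {client_outcome(answer, mode)}")
```

Against a real deployment, call `probe_ssl` with the server's host and SQL interface port; a reply of `N` after saving the configuration means clients set to `prefer` are still connecting in plaintext.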