Enable SSL Certificate in SQLi
This article includes the steps required to enable TLS/SSL security for SQLi connections for Incorta versions 4.4.1 and later.
To enable SSL security for SQLi connections, you will need to:
- Generate a self-signed certificate.
- Convert your certificate to JKS.
- Enable SSL for SQLi in Incorta.
- Enable SSL on the client side.
The example below uses a self-signed certificate. However, self-signed certificates should not be used in production environments and are recommended for use only in development and testing phases.
Generate a self-signed certificate
-
Choose these parameters using Java’s keytool:
- alias: name assigned to the certificate.
- keystore: path to new keystore
- password: password to the keystore.
-
Run the following command:
keytool -genkey -keyalg RSA -alias <alias> -keystore <keystore> -storepass <password> -validity 360 -keysize 2048
Here’s a sample output for a server named www.mysite.com:
```
keytool -genkey -keyalg RSA -alias incorta_selfsigned -keystore /home/incorta/keystore.jks -storepass password -validity 360 -keysize 2048
What is your first and last name? [Unknown]: mysite
What is the name of your organizational unit? [Unknown]: mysite
What is the name of your organization? [Unknown]: mysite
What is the name of your City or Locality? [Unknown]: cairo
What is the name of your State or Province? [Unknown]: cairo
What is the two-letter country code for this unit? [Unknown]: EG
Is CN=mysite, OU=mysite, O=mysite, L=cairo, ST=cairo, C=EG correct?
[no]: yes
Enter key password for <incorta_selfsigned> (RETURN if same as keystore password):
ls -ltr /home/incorta/keystore.jks
-rw-rw-r--. 1 incorta incorta 2235 Jan 4 11:51 /home/incorta/keystore.jks
```
Convert your certificate to JKS
Check with your SSL provider on how to convert the certificate to JKS format. Click here to see Digicert’s instructions for an example.
(If you are using a self-signed certificate, you can skip this step.)
Enable SSL for SQLi in Incorta
-
Open the configuration page.
- For Incorta versions 4.4.X or earlier: Configurations are located in the Incorta Login Admin page.
- For Incorta versions 4.5 and later: Configurations are located in the CMC.
- From the System Configuration tab, select Server Configs then SQL Interface.
- Toggle the option to Enable SSL for SQL interface ports.
- Enter the path for the jks file previously created in the SSL certificate (JKS) path used for SQL interface.
- Enter the passphrase or password for that JKS in the SSL certificate (JKS) passphrase used for the SQL interface.
- Click Save.
Enable SSL in client side
- Enable SSL in your client or BI tools by setting SSL Mode to either prefer or require.
If you are using a self-signed certificate the BI tools will reject the certificate as untrusted. To continue you will have to import the JKS at the client side as a trusted certificate.
- Convert the JKS file to a known format. See Oracle’s instructions here for an example.
- Import the certificate. In Windows you can search for “Manage computer certificates” then import the certificate.