Configure a trust store to authenticate the server certificate

AWS Mainframe Modernization - Data Replication for IBM i

Product type: Software
Portfolio: Integrate
Product family: Connect
Product: AWS Mainframe Modernization > AWS Mainframe Modernization Service
Version: Latest
Language: English
Product name: AWS Mainframe Modernization
Title: AWS Mainframe Modernization - Data Replication for IBM i
Copyright: 2024
First publish date: 2003
Last updated: 2024-02-01
Published on: 2024-02-01T23:02:31.099696

  1. Close Connect CDC Director if it is already open.

  2. Copy the signed server certificate to the local Java trust store path.

  3. Open a command console session and navigate to the Connect CDC kernel directory on the client machine, which by default is:

    <Precisely_Connect_Install>\ConnectCDCV57\kernel
  4. Extract the MSSS2005.properties file from Omni.jar to the kernel folder using the Java jar utility. Type the following commands at the command prompt:

    jar xf Omni.jar omnienterprise/gdbc/MSSS2005.properties
    mv omnienterprise/gdbc/MSSS2005.properties .
  5. Using a text editor, open MSSS2005.properties for editing and change the value of the url parameter to the server's jdbc:sqlserver URL with TLS encryption parameters, similar to the following:

    url=jdbc:sqlserver://%HOST:%PORT;SelectMethod=cursor;
    encrypt=true;trustServerCertificate=false;
    trustStore={path to java trust store};trustStorePassword={trust store password};
    hostNameInCertificate={subject property of server certificate}

    Parameter: Description

    encrypt: Set to true to enable encrypted JDBC communication with SQL Server.

    trustServerCertificate: This property is used with the encrypt/authentication properties and only affects server TLS/SSL certificate validation if the connection uses TLS encryption. For more information, see JDBC Driver for SQL Server support matrix.
    • Set to true to specify that the driver does not validate the server TLS/SSL certificate. If true, the server TLS/SSL certificate is automatically trusted when the communication layer is encrypted using TLS.
    • Set to false to specify that the driver does validate the server TLS/SSL certificate. If the server certificate validation fails, the driver throws an error and closes the connection. Use this setting to authenticate the server certificate against the trust store.

    trustStore: Path to the local trust store file that contains the server certificate. The driver uses this file instead of the default JVM trust store.

    trustStorePassword: Enter the password that protects the trust store.

    hostNameInCertificate: Enter the host name expected in the server certificate, typically the DNS name of the SQL Server host. The driver validates the server certificate against this name, which ensures that the server you connect to is the one named in the certificate.

    If SSL encryption is enabled (encrypt=true;) and this property is unspecified, the driver uses the server name that is specified in the connection URL or data source of the connection to validate the certificate.

    For example:

    url=jdbc:sqlserver://%HOST:%PORT;
    SelectMethod=cursor;encrypt=true;trustServerCertificate=false;
    trustStore=c:/dev/ConnectCDC/certs/preciselyTrust.jks;
    trustStorePassword=precisely;hostNameInCertificate=US-DD-USER.us.precisely.com
  6. Save the file and exit the text editor.

  7. Open Connect CDC Director. From the context menu of the server, select Test Connection to test the connection to SQL Server.
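
A check you can run on the edited file before step 7, added here as an example (it is not part of the product or its documentation): it parses the url entry and reports settings that weaken or bypass server certificate authentication. The function names and sample values are hypothetical, and it assumes the file follows standard Java .properties syntax, where a value wrapped over several lines needs a trailing backslash on each continued line.

```python
import re

# Constructed sample MSSS2005.properties contents (not from a real installation).
WEAK = r"""url=jdbc:sqlserver://%HOST:%PORT;SelectMethod=cursor;\
    encrypt=true;trustServerCertificate=true;\
    trustStore=C:/certs/example-trust.jks;trustStorePassword=example-only;\
    hostNameInCertificate=sql01.example.test
"""
HARDENED = WEAK.replace("trustServerCertificate=true", "trustServerCertificate=false")

def parse_url_properties(properties_text):
    """Return the ;-separated connection properties of the url= entry, keys lower-cased."""
    # java.util.Properties joins a line ending in "\" with the next one and
    # drops that line's leading whitespace; do the same before parsing.
    joined = re.sub(r"\\\r?\n[ \t]*", "", properties_text)
    for line in joined.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "url":
            # The first ;-separated field is the jdbc:sqlserver://host:port part.
            pairs = [p.split("=", 1) for p in value.split(";")[1:] if "=" in p]
            return {k.strip().lower(): v.strip() for k, v in pairs}
    raise ValueError("no url= entry found")

def audit_tls(props):
    """Return findings; an empty list means the URL asks the driver to validate the
    server certificate against the configured trust store and host name."""
    findings = []
    if props.get("encrypt", "").lower() != "true":
        findings.append("encrypt is not set to true")
    if props.get("trustservercertificate", "").lower() == "true":
        findings.append("trustServerCertificate=true: the driver does not "
                        "validate the server certificate")
    if not props.get("truststore"):
        findings.append("trustStore is not set: the default JVM trust store is used")
    if not props.get("hostnameincertificate"):
        findings.append("hostNameInCertificate is not set: the server name from "
                        "the URL is used for validation")
    return findings

if __name__ == "__main__":
    # Findings never include the trust store password.
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_tls(parse_url_properties(text)) or "OK")
```

If the url value is wrapped without continuation backslashes, only the first line is read, so the check reports the encryption and trust store settings as missing.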