Saturday 8 August 2015

InfoSphere Master Data Management - Support for SSL enabled databases

InfoSphere Master Data Management v11.4 FP3 supports SSL enabled DB2 and SQL Server databases.

Obtain the certificate from an SSL enabled database, and use the keytool to create a trust file from the certificate. 
keytool.exe -import -alias db2_ca -keystore trust.der  -storetype PKCS12 -file cert.der

Provide the trust file path and the password in the Database Panel of the Installation Manager for InfoSphere Master Data Management.  Gold data is loaded and the product is configured to work with the SSL enabled database.

The Database Panel provides fields to provide SSL related data.
Database Panel in Installation Manager  
When Silent Install is used, the below keys can be used to configure SSL.
  • user.db.ssl.enabled
  • user.db.ssl.file.path
  • user.db.ssl.password
  • user.db.ssl.store.type(JKS or PKCS12)
For example:
When SSL is enabled:
<data key="user.db.ssl.enabled,com.ibm.mdm.advanced" value="true"/>
<data key="user.db.ssl.file.path,com.ibm.mdm.advanced" value="D:/Work/SSL/trust.p12"/>
<data key="user.db.ssl.password,com.ibm.mdm.advanced" value="xxxxxxxx"/>
<data key="user.db.ssl.store.type,com.ibm.mdm.advanced" value="PKCS12"/>

When SSL is disabled:
<data key="user.db.ssl.enabled,com.ibm.mdm.advanced" value="false"/>
<data key="user.db.ssl.file.path,com.ibm.mdm.advanced" value="none"/>
<data key="user.db.ssl.password,com.ibm.mdm.advanced" value="none"/>
<data key="user.db.ssl.store.type,com.ibm.mdm.advanced" value="none"/>
Please note that user.db.ssl.enabled is a mandatory attribute from MDM v11.4 FP3.

Links:
Support for SSL encryption
Configuring SSL support in a DB2 instance