Use > Hardening > Database Hardening > Configure UCMDB to Connect Securely to Microsoft SQL Server

Connect UCMDB Server to the Microsoft SQL Server with TLS Enabled

This section describes how to configure UCMDB to connect securely to Microsoft SQL Server.

  1. Prerequisite

    The Microsoft SQL Server to which UCMDB will connect needs to accept encrypted connections (SSL). For instructions about how to enable this, see https://support.microsoft.com/en-us/kb/316898 or contact your DBA.

  2. Configure UCMDB's JDBC drivers

    1. Install the UCMDB Server, without configuring the UCMDB Schema. For detailed information about how to install the Universal CMDB server, see the interactive Universal CMDB Deployment Guide
    2. Check if the \conf\jdbc.properties file exists. If not, create it.

      Note The jdbc.properties file must be encoded in ANSI. If the file is UFT-8 encoded, the properties will be ignored.

    3. Add the following settings into the jdbc.properties file:

      SQLServer = ddmssql
      ddmssql.EncryptionMethod=SSL
      ddmssql.ValidateServerCertificate=true
    4. Save the file.

    Note In case the Microsoft SQL Server is using a certificate that is not signed by a recognized Certificate Authority (CA) like a self-signed certificate, you need to import the Microsoft SQL Server database's certificate into the UCMDB Server's cacerts keystore (located in the <INSTALL_FOLDER>\UCMDBServer\bin\jre\lib\security\cacerts directory).

    To import the Microsoft SQL Server's certificate, run the following command:

    "<INSTALL_FOLDER>\UCMDBServer\bin\jre\bin\keytool.exe" -import -noprompt -trustcacerts -alias SQL_Server_Cert -file "<PATH TO SQL SERVER CERTIFICATE>" -keystore 
    "<INSTALL_FOLDER>\UCMDBServer\bin\jre\lib\security\cacerts" -storepass changeit

    If the command line prompts "Trust this certificate?", enter yes.

    To verify that the certificate was successfully imported, run the following command:

    "<INSTALL_FOLDER>\UCMDBServer\bin\jre\bin\keytool.exe" -list -keystore "<INSTALL_FOLDER>\UCMDBServer\bin\jre\lib\security\cacerts" -storepass changeit -alias SQL_Server_Cert
    1. Run the Configuration Wizard.

      Windows: Start > All Programs > UCMDB > Start Universal CMDB Server Configuration Wizard

      Linux: Run the <UCMDB_Server_InstallDir>/bin/configure.sh script

    2. Follow the wizard steps, and connect the UCDMB Server to the Microsoft SQL Server Database with TLS enabled.

    3. Start the UCMDB Server.