Configuring i2 Analyze to connect to a database instance using TLS
To connect to a database instance by using TLS, i2 Analyze must be able to authenticate the certificate that it receives from the database server.
Before you begin
Ensure that you configured Liberty for TLS. For more information, see Configuring Liberty for TLS.
Your database management system must be configured for TLS. For more information, see:
Important: If your deployment of i2 Analyze uses PostgreSQL rather than IBM Db2 or Microsoft SQL Server, read Configuring SSL for a PostgreSQL instance instead of this topic.
About this task
i2 Analyze uses a Java™ truststore to verify the certificate from the database server, and so you must create a truststore on your i2 Analyze server that contains the trusted certificates for your database. You can use the same truststore that is used for Liberty. For more information, see Creating the Liberty keystore and certificate.
For Liberty to communicate with the secured database, in the topology database element you must specify the secure connection attribute to be true and the name of the truststore that contains the database certificate. Also, specify the correct port number, which corresponds to the TLS port for the database. In the credentials.properties file, the correct password for the specified truststore must be added.
Steps
Modify the i2 Analyze topology to use TLS for its database connection.
In an XML editor, open the toolkit\configuration\environment\topology.xml file.
In the <database> element for the database that you want to connect to with TLS, add the secure-connection="true" attribute.
In the same <database> element, add the trust-store attribute with the location of the truststore.
If you are using Db2:
<database database-type="InfoStore" dialect="db2" instance-name="DB2" database-name="ISTORE" xa="false" id="infostore" host-name="hostname" port-number="50001" secure-connection="true" trust-store="C:/i2/i2analyze/i2-liberty-truststore.p12"/>
If you are using SQL Server:
<database database-type="InfoStore" dialect="sqlserver" database-name="ISTORE" xa="false" id="infostore" host-name="hostname" port-number="1433" secure-connection="true" trust-store="C:/i2/i2analyze/i2-liberty-truststore.p12"/>
In the same element, ensure that the following attribute values are correct:
The host-name attribute value must match the common name that is associated with the certificate for the database.
The port-number attribute value must match the value of the port number when you configured the database management system for TLS.
Specify the truststore password in the credentials file:
In a text editor, open the toolkit\configuration\environment\credentials.properties file.
Enter the password for the truststore in the db.infostore.truststore.password credential.
Update the application with your configuration changes. For more information, see Redeploying Liberty.
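As an added example (not part of the i2 Analyze toolkit or this documentation), the following Python script checks the contents of topology.xml and credentials.properties against the settings in these steps before you redeploy. The sample input is constructed; the <topology>/<databases> wrapper, the second database element, the host names, and the db.<id>.truststore.password key pattern (generalized from the infostore credential above) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample input modelled on the <database> elements shown above.
# The <topology>/<databases> wrapper, second element and host names are assumptions.
SAMPLE_TOPOLOGY = """<topology><databases>
  <database database-type="InfoStore" dialect="db2" instance-name="DB2" database-name="ISTORE"
            xa="false" id="infostore" host-name="db2.example.test" port-number="50001"
            secure-connection="true" trust-store="C:/i2/i2analyze/i2-liberty-truststore.p12"/>
  <database database-type="InfoStore" dialect="sqlserver" database-name="ISTORE2"
            xa="false" id="infostore2" host-name="sql.example.test" port-number="1433"/>
</databases></topology>"""

# Constructed sample: the truststore password has been left empty.
SAMPLE_CREDENTIALS = "db.infostore.truststore.password=\n"

def parse_properties(text):
    """Parse key=value lines of a .properties file, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_tls_settings(topology_xml, credentials_text):
    """Return (database id, problem) pairs for settings that this topic requires."""
    creds = parse_properties(credentials_text)
    findings = []
    for el in ET.fromstring(topology_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "database":  # ignore any XML namespace
            continue
        db_id = el.get("id", "?")
        if el.get("secure-connection") != "true":
            findings.append((db_id, 'secure-connection is not "true"'))
        if not el.get("trust-store"):
            findings.append((db_id, "trust-store attribute is missing"))
        if not el.get("host-name"):
            findings.append((db_id, "host-name is missing"))
        if not el.get("port-number", "").isdigit():
            findings.append((db_id, "port-number is missing or not numeric"))
        # Assumption: the credential key follows db.<id>.truststore.password.
        if not creds.get(f"db.{db_id}.truststore.password"):
            findings.append((db_id, "truststore password is missing or empty"))
    return findings

if __name__ == "__main__":
    for db_id, problem in check_tls_settings(SAMPLE_TOPOLOGY, SAMPLE_CREDENTIALS):
        print(f"{db_id}: {problem}")
```

The script reports only which settings are absent and never prints the password value. It cannot confirm that host-name matches the certificate common name or that the port is the TLS port; verify those against the database server itself.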