Configuring i2 Analyze to connect to a database instance using TLS

To connect to a database instance by using TLS, i2 Analyze must be able to authenticate the certificate that it receives from the database server.

Before you begin

Important: If your deployment of i2 Analyze uses PostgreSQL rather than IBM Db2 or Microsoft SQL Server, read Configuring SSL for a PostgreSQL instance instead of this topic.

About this task

i2 Analyze uses a Java™ truststore to verify the certificate from the database server, and so you must create a truststore on your i2 Analyze server that contains the trusted certificates for your database. You can use the same truststore that is used for Liberty. For more information, see Creating the Liberty keystore and certificate.

For Liberty to communicate with the secured database, the database element in the topology must set the secure connection attribute to true and name the truststore that contains the database certificate. It must also specify the port number that corresponds to the TLS port for the database. The password for the specified truststore must be added to the credentials.properties file.

Steps

  1. Modify the i2 Analyze topology to use TLS for its database connection.

    1. In an XML editor, open the toolkit\configuration\environment\topology.xml file.

    2. In the <database> element for the database that you want to connect to with TLS, add the secure-connection="true" attribute.

    3. In the same <database> element, add the trust-store attribute with the location of the truststore.

      If you are using Db2:

      <database database-type="InfoStore" dialect="db2"
                instance-name="DB2" database-name="ISTORE" xa="false"
                id="infostore" host-name="hostname" port-number="50001"
                secure-connection="true"
                trust-store="C:/i2/i2analyze/i2-liberty-truststore.p12"/>

      If you are using SQL Server:

      <database database-type="InfoStore" dialect="sqlserver" 
                database-name="ISTORE" xa="false" id="infostore"
                host-name="hostname" port-number="1433"
                secure-connection="true"
                trust-store="C:/i2/i2analyze/i2-liberty-truststore.p12"/>

    4. In the same element, ensure that the following attribute values are correct:

      • The host-name attribute value must match the common name that is associated with the certificate for the database.

      • The port-number attribute value must match the port number that you specified when you configured the database management system for TLS.

  2. Specify the truststore password in the credentials file:

    1. In a text editor, open the toolkit\configuration\environment\credentials.properties file.

    2. Enter the password for the truststore in the db.infostore.truststore.password credential.

Update the application with your configuration changes. For more information, see Redeploying Liberty.