Skip Ribbon Commands
Skip to main content
Navigate Up
Sign In

Quick Launch

Average Rating:

facebook Twitter
Email
Print Bookmark Alert me when this article is updated

Feedback

Enabling SSL on DDM for SQL Server in TDM
Content
In Test Data Management (TDM), you have to get connected to an SSL enabled database using DDM then the DDM has to be SSL enabled as well. That is, SSL enabled SQL Server has to configured on DDM.

Do as follows to configure SSL enabled SQLServer database in DDM:

  • Generate the truststore for SQL server database​​:

Run the following command in the command line after traversing to the DDM installation directory:  
​​

keytool -importcert -alias <alias_name> -keystore <truststore_name.jks> -storepass Welcome123 -file <path_of_sqlserver_database_certificate>


For instance:


keytool -importcert -alias sqlserver1 -keystore D:\sqlserver.jks -storepass Welcome123 -file D:\certfile


Screenshot (970).png 

 


Here, sqlserver.jks file would be created under C directory which contains SQL server database certificate with alias name sqlserver1.



Screenshot (924).png 

 


  • Create a jvm.params file with the following content: 

-Djavax.net.ssl.trustStore=<path_of_truststore_file> jks -Djavax.net.ssl.trustStorePassword=Welcome123 -Djavax.net.ssl.trustStoreType=jks

 

For instance:

-Djavax.net.ssl.trustStore= D:\sqlserver.jks  -Djavax.net.ssl.trustStorePassword=Welcome123 -Djavax.net.ssl.trustStoreType=jks



Screenshot (925).png 

  • Copy the jvm.params file to installation directory of DDM (Ex: C:\DDMInstance)

  • Restart the DDM using server stop, server remove and then server start commands​
  • Launch Management console and click on Site in left panel tree and click on Add Databases option in menu bar
  • Provide SSL enabled SQL Server database details and click on SSL checkbox and click on Test Connection button. We should get ‘Validated’ pop-up. And, click on OK to save the database node

        Note: While providing the server address to create a database give the complete server address as issued in the SQL Server certificate e.g. SQL.XYZ.com

Screenshot (1199)_LI.jpg


 Connecting to DDM SQL Server from SSMS using an SSL connection: 

  1. Launch SSMS.
  2. Click on Connect > Database Engine.
  3. ​Provide DDM hostname, port number​.
  4. Provide a username and password​.
  5. Click on Connection Properties and click on Encrypt Connection and Trust Server Certificate​ checkboxes and then click on Connect​.
  6. Observed that SSMS is able to connect to DDM which internally connect to SSL enabled SQL Server DB​.


More Information
​Checking the Certificate location configured in SQL Server Configuration Manager: 

  1. ​​Login into SQL Server database machine.
  2. Click on Windows symbol and search for SQL Server Configuration Manager and open it.
  3. Expand SQL Server Network Configuration option in the left panel.
  4. Right-click on Protocols for MSSQLSERVER option and then click on the Properties option.
  5. In the pop-up, click on Certificates tab.
  6. Observe that a certificate should be configured in Certificate drop-down.
Note

This certificate should be used to generate truststore.

Getting the certificate which is configured in SQL Server Configuration Manager: 

  1. Log into the SQL Server database machine.
  2. Click on the Windows symbol and search for mmc.exe and open it.
  3. Click on file > Add/Remove Snap-in option.
  4. In the left panel, click on Certificates option and then click on the Add button.
  5. In certificates Snap-in pop-up, click on Computer Account option and then click Next.
  6. Keep default option Local Computer and then click the Finish button.
  7. Click on Ok in Add or Remove Snap-ins pop-up.
  8. Expand Certificates > Personal and then click on Certificates directory in the left panel.
  9. A list of certificates would be shown in the right panel.
  10. Select the certificate which is configured in SQL Server Configuration Manager, right-click on it and click on All Tasks > Export option.
  11. in the pop-up, continue with default options and provide a path for a certificate to generate the certificate
  12. Use that certificate to generate truststore and use truststore to connect from any client.


Reference


Attachments


Applies To
Product: Dynamic Data Masking
Problem Type: Configuration; Performance; Product Feature
User Type: Administrator; Architect
Project Phase: Configure; Implement; Onboard
Product Version:
Database:
Operating System:
Other Software:

Last Modified Date: 6/28/2020 3:58 PM ID: 608811
People who viewed this also viewed

Feedback

Did this KB document help you?



What can we do to improve this information (2000 or fewer characters)