Configuring Streams Messaging Manager to connect to TLS 1.2/TCPS-enabled databases

Learn how you can configure an existing Streams Messaging Manager (SMM) service to securely connect to its database using TLS 1.2.

  • Ensure that TLS 1.2 has already been enabled on the SMM database.
  • Ensure that a truststore file containing the database certificate is available on the SMM hosts. Additionally, ensure that you know the location of the file and that the user SMM runs as has access to the file. The default user for SMM is streamsmsgmgr.
  1. Go to Cloudera Manager > SMM > Configuration > Streams Messaging Manager Database JDBC Url Override and enter the following configuration values depending on the database type.
    MySQL
    jdbc:mysql://[***DB HOST***]:[***DB PORT***]/[***DB NAME***]?useSSL=true&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE PASSWORD***]&enabledTLSProtocols=TLSv1.2
    PostgreSQL
    jdbc:postgresql://[***DB HOST***]:[***DB PORT***]/[***DB NAME***]?useSSL=true&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE PASSWORD***]&enabledTLSProtocols=TLSv1.2
    Oracle
    jdbc:oracle:thin:@tcps://[***DB HOST***]:[***DB PORT***]/[***DB NAME***]?javax.net.ssl.trustStore=[***TRUSTSTORE PATH***]&javax.net.ssl.trustStorePassword=[***TRUSTSTORE PASSWORD***]&oracle.net.ssl_server_dn_match=false
    • Replace [***DB HOST***], [***DB PORT***], and [***DB NAME***] with the host, port, and name of the database.
    • Replace [***TRUSTSTORE PATH***] with the full path to a truststore that contains the database certificate. The truststore must be available on the host that SMM is deployed on. Additionally, the user that the SMM service runs as (streamsmsgmgr by default) must have access to the file.
    • Replace [***TRUSTSTORE PASSWORD***] with the password used to access the truststore you specify in [***TRUSTSTORE PATH***].
  2. Click Save Changes.
  3. Restart the SMM service.
The SMM service establishes a secure connection with its database.
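
The following Python check is an added example, not part of the original documentation or of SMM. It lints a filled-in JDBC URL override against the templates in step 1 before you save it: leftover placeholders, missing TLS parameters, a protocol other than TLSv1.2, and a truststore path that is not a full path or is not readable. The function name check_jdbc_override is hypothetical; run it as the SMM service user so that the readability check reflects that user's access.

```python
import os
import re
from urllib.parse import parse_qs

# Parameters carried by the URL templates in step 1 (MySQL and PostgreSQL share one set).
# check_jdbc_override is a hypothetical helper name, not an SMM or Cloudera Manager API.
TLS_PARAMS = ["useSSL", "trustCertificateKeyStoreUrl", "trustCertificateKeyStoreType",
              "trustCertificateKeyStorePassword", "enabledTLSProtocols"]
REQUIRED = {"mysql": TLS_PARAMS, "postgresql": TLS_PARAMS,
            "oracle": ["javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword"]}


def check_jdbc_override(url):
    """Return a list of findings for a JDBC URL override; an empty list means none."""
    findings = []
    if "[***" in url:
        findings.append("unreplaced [***...***] placeholder")
    m = re.match(r"jdbc:(mysql|postgresql|oracle):", url)
    if not m:
        return findings + ["not a MySQL, PostgreSQL or Oracle JDBC URL"]
    db = m.group(1)
    if db == "oracle" and ":@tcps://" not in url:
        findings.append("Oracle URL does not use tcps://")
    # keep_blank_values so an empty value is reported as empty rather than dropped
    query = parse_qs(url.partition("?")[2], keep_blank_values=True)
    params = {k: v[-1] for k, v in query.items()}
    for name in REQUIRED[db]:
        if not params.get(name):
            findings.append(f"missing or empty parameter: {name}")
    if db == "oracle":
        store = params.get("javax.net.ssl.trustStore", "")
        if params.get("oracle.net.ssl_server_dn_match", "").lower() == "false":
            findings.append("note: oracle.net.ssl_server_dn_match=false, server DN is not matched")
    else:
        store_url = params.get("trustCertificateKeyStoreUrl", "")
        store = store_url[len("file://"):] if store_url.startswith("file://") else ""
        if store_url and not store:
            findings.append("trustCertificateKeyStoreUrl must start with file://")
        if (params.get("useSSL") or "true").lower() != "true":
            findings.append("useSSL is not true")
        if (params.get("enabledTLSProtocols") or "TLSv1.2") != "TLSv1.2":
            findings.append("enabledTLSProtocols is not TLSv1.2")
    if store and not os.path.isabs(store):
        findings.append(f"truststore path is not a full path: {store}")
    elif store and not os.access(store, os.R_OK):
        findings.append(f"truststore not readable by current user: {store}")
    return findings
```

The check does not open the truststore or contact the database, so it cannot confirm that the truststore password is correct or that the database certificate is present in the file.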