Support for SSL encryption

InfoSphere® MDM supports SSL enabled databases and SSL server encryption.

Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client.

InfoSphere MDM supports SSL-enabled databases to ensure a secure connection between the MDM database and the client. When SSL is enabled, data is encrypted during transmission, so unauthorized individuals who intercept the traffic cannot read it.

InfoSphere MDM also supports SSL for server side encryption. To connect to the server, authorized users must obtain the SSL certificate from the database server and import the certificate into a local trust store.

There are additional installation options and configurations required to enable SSL encryption.

  • Enabling SSL when installing using IBM® Installation Manager in GUI mode:
    • On the Database Configuration panel, select the SSL Enable option, then provide the path of the SSL trust store file and the password for the trust store.
    Important: When you install InfoSphere MDM with SSL enabled using IBM Installation Manager in GUI mode, the type of trust store is presumed to be PKCS12. If the trust store type is not PKCS12, then use silent mode installation instead.
  • Enabling SSL when installing using silent installation mode:
    • Provide values for the following SSL related fields in a silent installation response file:
      • user.db.ssl.enabled - Set to true to enable SSL or false to disable SSL. This attribute is mandatory.
      • user.db.ssl.file.path - Provide the path of the SSL trust store file.
      • user.db.ssl.password - Provide the trust store password.
      • user.db.ssl.store.type - Define the type of trust store, such as PKCS12 or JKS.

SSL settings in WebSphere Application Server

When InfoSphere MDM is installed with an SSL enabled database, there are certain settings that are applied to WebSphere® Application Server. The following properties are added as custom properties for the data sources:

  • For DB2®, DB2 for z/OS®, and Oracle databases:
    • DWLConfig - sslConnection with a value of true
    • DWLCustomer - sslConnection with a value of true
    • MDM - encryptionMethod with a value of SSL
  • For Microsoft SQL Server:
    • DWLConfig - encryptionMethod with a value of SSL
    • DWLCustomer - encryptionMethod with a value of SSL
    • MDM - encryptionMethod with a value of SSL
Note: The properties that are added depend on the type of database driver used. The encryptionMethod property is used when the database driver is DataDirect. The sslConnection property is used with native drivers.

Additionally, with an SSL enabled database, the following properties are added to the custom properties of the JVM of the WebSphere Application Server:

  • javax.net.ssl.trustStore - The trust store path
  • javax.net.ssl.trustStorePassword - The trust store password
  • javax.net.ssl.trustStoreType - The trust store type

SSL settings in the ODBC driver

The following properties and values are added to the ODBC driver when SSL is used with InfoSphere MDM:

  • EncryptionMethod - 1 (indicating SSL)
  • TrustStore - The trust store path
  • TrustStorePassword - The trust store password
  • ValidateServerCertificate - false
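
The following audit script is an added example, not IBM code. It checks the user.db.ssl.* fields of a silent installation response file and the SSL properties of an ODBC data source, and reports when ValidateServerCertificate is false, because the link is then encrypted but the server certificate is not checked against the trust store. It assumes the response file uses the XML data key/value layout and that the ODBC properties sit in an odbc.ini-style file; the DSN name, paths and passwords are constructed sample values.

```python
import configparser
import xml.etree.ElementTree as ET

# Constructed sample: fragment of a silent-install response file (assumed layout).
SAMPLE_RESPONSE = """<agent-input>
  <profile id='MDM'>
    <data key='user.db.ssl.enabled' value='true'/>
    <data key='user.db.ssl.file.path' value='/opt/mdm/trust/db-trust.jks'/>
    <data key='user.db.ssl.password' value='changeit'/>
    <data key='user.db.ssl.store.type' value='JKS'/>
  </profile>
</agent-input>"""

# Constructed sample: ODBC data source carrying the properties listed on the page.
SAMPLE_ODBC = """[MDM_DSN]
EncryptionMethod=1
TrustStore=/opt/mdm/trust/db-trust.jks
TrustStorePassword=changeit
ValidateServerCertificate=false
"""

def audit_response_file(xml_text):
    """Return findings for the user.db.ssl.* fields of a response file."""
    data = {d.get("key"): (d.get("value") or "").strip()
            for d in ET.fromstring(xml_text).iter("data")}
    enabled = data.get("user.db.ssl.enabled", "").lower()
    if enabled not in ("true", "false"):
        return ["user.db.ssl.enabled is mandatory and must be true or false"]
    if enabled == "false":
        return ["SSL is disabled: database traffic is not encrypted"]
    required = ("user.db.ssl.file.path", "user.db.ssl.password", "user.db.ssl.store.type")
    return [f"{k} is empty" for k in required if not data.get(k)]

def audit_odbc(ini_text):
    """Return findings per DSN for the SSL properties of an ODBC configuration."""
    cp = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cp.optionxform = str  # keep property names exactly as written
    cp.read_string(ini_text)
    findings = []
    for dsn in cp.sections():
        s = cp[dsn]
        if s.get("EncryptionMethod", fallback="0").strip() != "1":
            findings.append(f"{dsn}: EncryptionMethod is not 1 (SSL)")
        if not s.get("TrustStore", fallback="").strip():
            findings.append(f"{dsn}: TrustStore path missing")
        if s.get("ValidateServerCertificate", fallback="").strip().lower() in ("false", "0"):
            findings.append(f"{dsn}: server certificate is not validated")
    return findings
```
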