5 Replies Latest reply on May 18, 2017 7:55 AM by shawkins

    Channel encryption between teiid and database.

    kulbhushanc

      Hi,

       

      I am able to set up SSL between the teiid client and the teiid server using the instructions given at JDBC/ODBC SSL connection using self-signed SSL certificates · Teiid Documentation

      But how do I set up encryption/SSL for the channel between the teiid server and the database?

       

      I am using WildFly 10.0.0 and teiid 9.1.3

       

      Thanks,

      Kulbhushan Chaskar.

        • 1. Re: Channel encryption between teiid and database.
          shawkins

          > But how do I set up encryption/SSL for the channel between the teiid server and the database?

           

          That will be vendor specific. Each database/driver should provide documentation on using SSL.

          • 2. Re: Channel encryption between teiid and database.
            kulbhushanc

            Let's say I am enabling SSL for a MySQL database. If I am using a plain JDBC connection at the client, I have to write code similar to this:

             

            Properties props = new Properties();
            props.setProperty("user", "root");
            props.setProperty("password", "root");
            props.setProperty("javax.net.ssl.trustStore", "D:\\truststore\\truststore.jks");
            props.setProperty("javax.net.ssl.trustStoreType", "JKS");
            props.setProperty("javax.net.ssl.trustStorePassword", "welcome123");
            Connection conn = DriverManager.getConnection(url, props);

            What will this look like for teiid, or where should it be placed to enable SSL on the teiid server?

            • 3. Re: Channel encryption between teiid and database.
              shawkins

              Here's a blog that outlines creating an SSL MySQL datasource on WildFly - https://mirocupak.com/secure-database-connection-with-wildfly/

              • 4. Re: Channel encryption between teiid and database.
                kulbhushanc

                Thanks Steven,

                 

                It looks like the blog describes how to enable SSL for one data source only.

                 

                i.e.

                export JAVA_OPTS="-server -Xms64m -Xmx512m \
                  -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true \
                  -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true \
                  -Djavax.net.ssl.keyStore=keystore.jks -Djavax.net.ssl.keyStorePassword=password \
                  -Djavax.net.ssl.trustStore=truststore.jks -Djavax.net.ssl.trustStorePassword=password"

                 

                By using this command we can configure only one keystore and truststore.

                 

                How do I configure more than one data source?

                • 5. Re: Channel encryption between teiid and database.
                  shawkins

                  You would need to check the documentation for each source type on how ssl is configured.  If they still require you to use the system properties for keystore/truststore, that's fine as you should only need 1 set.  For 2-way ssl presumably you'd keep using the cert from the keystore, and you would just keep adding the relevant server certs to the same truststore.
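
The single-truststore approach from the last reply, as an added example that is not part of the original thread: a small Java tool that adds the server or CA certificate of each data source to one JKS truststore, which can then be referenced by `-Djavax.net.ssl.trustStore`. The class name, the `TRUSTSTORE_PASSWORD` environment variable, and the aliases and file names in the usage comment are assumptions made for illustration.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example, not from the thread. Usage (aliases and file names are placeholders):
//   TRUSTSTORE_PASSWORD=... java MergeTruststore truststore.jks mysql=mysql-ca.pem oracle=oracle-ca.pem
public class MergeTruststore {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: MergeTruststore <truststore.jks> <alias>=<cert-file>...");
            System.exit(2);
        }
        // Assumed variable name; keeps the password out of the process argument list.
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        if (pw == null) throw new IllegalStateException("TRUSTSTORE_PASSWORD is not set");
        char[] password = pw.toCharArray();
        Path storePath = Paths.get(args[0]);
        KeyStore store = KeyStore.getInstance("JKS");
        if (Files.exists(storePath)) {
            try (InputStream in = Files.newInputStream(storePath)) { store.load(in, password); }
        } else {
            store.load(null, password); // start with an empty truststore
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (int i = 1; i < args.length; i++) {
            String[] pair = args[i].split("=", 2);
            if (pair.length != 2) throw new IllegalArgumentException("expected alias=file: " + args[i]);
            X509Certificate cert;
            try (InputStream in = Files.newInputStream(Paths.get(pair[1]))) {
                cert = (X509Certificate) cf.generateCertificate(in); // accepts PEM or DER
            }
            cert.checkValidity(); // refuse expired or not-yet-valid certificates
            if (store.getCertificateAlias(cert) != null) continue; // this certificate is already trusted
            if (store.containsAlias(pair[0])) throw new IllegalStateException("alias in use: " + pair[0]);
            store.setCertificateEntry(pair[0], cert);
            // Print the fingerprint so it can be compared with the one the database admin publishes.
            byte[] fp = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : fp) hex.append(String.format("%02x", b));
            System.out.println("added '" + pair[0] + "' sha256=" + hex);
        }
        try (OutputStream out = Files.newOutputStream(storePath)) { store.store(out, password); }
    }
}
```

Each database's certificate gets its own alias, so a certificate for a retired data source can later be removed without touching the others.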