Establishing secure connection between OpManager and MSSQL database

The following steps are to establish a secure connection between MSSQL database and OpManager versions 127131 and above.

Prerequisites:

  • A valid SSL certificate in PFX format that won't be expiring soon is required. If the certificate in another format, please convert it into a PFX file.
  • The Common Name in the Subject field of the certificate must be the same as the Fully Qualified Domain Name (FQDN) of the device in which the MSSQL Server is installed.

Follow the below steps to ensure secure communication between OpManager and MSSQL

Associating the SSL certificate with MSSQL

Follow the below steps to select and associate the required SSL certificate with the MSSQL server

  1. Open SQL Server Configuration Manager.
  2. enable-mssql

  3. Navigate to SQL Server Network Configuration.
  4. enable-mssql

  5. Right-click on the protocols for the specific MSSQL instance you wish to associate the certificate with (e.g., 'protocols for SQLSERVER'). Select Properties.

    enable-mssql

  6. In the Flags window, set Force Encryption to YES.
  7. enable-mssql

  8. In the Certificate tab, select the required certificate from the dropdown menu, and click 'OK'. The SSL certificate will be displayed in the dropdown menu, only if the device had the required certificate saved/installed in it.
  9. enable-mssql

  10. Note that the certificate association will take effect only after the MSSQL instance is restarted. Make sure to restart the database after completing the certificate association.

Steps to save the SSL certificate in the server:

Follow the below steps to save a copy of the SSL certificate to the local file directory,

  1. Open IIS manager on your server.
  2. Save ssl certificate

  3. Navigate to the "Server Certificates" section.
  4. Save ssl certificate

  5. Select the specific certificate you want to export, and open it.
  6. Save ssl certificate

  7. Switch to the Details tab to view the certificate details.
  8. Save ssl certificate

  9. Click on the "Copy to File" option to open the Certificate Export wizard.
  10. Save ssl certificate

  11. Follow the wizard's prompts, and click "Next" to proceed.
  12. Save ssl certificate

  13. On export private key window, select the option that says 'NO, do not export the private key'. Then click Next.
  14. Save ssl certificate

  15. In the "Export File Format" window, ensure that either "DER encoded binary X.509 (.CER)" or "Base-64 encoded X.509 (.CER)" is chosen, and then click "Next."
  16. Save ssl certificate

  17. Provide a name for the export file.
  18. Save ssl certificate

  19. Click Next, and then click Finish to finish exporting the certificate.

Steps to enable MSSQL SSL in OpManager:

  1. Replace the <certificateservername> with the certificate name (CN) from the IIS manager and then replace the following parameters in database_params.conf under
    <OpManagerHome>/conf : encrypt=true;trustServerCertificate=false;hostNameInCertificate=<CertificateServerName>
  2. enable-mssql

    enable-mssql

    Example:

    URLurl=jdbc:sqlserver://localhost:1433;databaseName=<DBName>encrypt=true;trustServerCertificate=false;hostNameInCertificate=<CertificateServerName>

  3. Make a copy of MSSQL SSL certificate which were exported from the above steps to save certificate, and put it under <OpManagerHome>/conf.
  4. Open cmd prompt under <OpManagerHome>/bin and run importCertificate.bat. Note that, MSSQL will be enabled only if the certificate names in database_params.conf and IIS manager are the same.
  5. Example: importCertificate.bat sslcertificate.cer
    Now start the product.

Thank you for your feedback!

Was this content helpful?

We are sorry. Help us improve this page.

How can we improve this page?
Do you need assistance with this topic?
By clicking "Submit", you agree to processing of personal data according to the Privacy Policy.