(Developer) Enable SSL for database connections in a development environment
As you update your site to be General Data Protection Regulation (GDPR) ready, you might need to take additional steps to encrypt customer data during all communication, both internal and external. Typically, the development environment should not include personal data for your shoppers. If circumstances necessitate the use of personal data in the development environment, encrypt the communication between your servers and the database. To protect data transfer between a server and the database, you can set up a Secure Sockets Layer (SSL) connection.
By default, data that is communicated between WebSphere Commerce servers and the database is not encrypted. WebSphere Commerce only encrypts communication between the Transaction server and Search server and between the Store server and Search server. In rare circumstances, customer information may be used in the development environment for testing and validation purposes. For this reason, encryption of communications with the development environment is an option.
If you need to encrypt the communication, set up the SSL connection for only the following servers, which directly interface with the database:
- Transaction server
- Search server
The Customization server and Store server do not communicate directly with the database.
Before beginning
Configure DB2 to use SSL before you switch to the protocol in WebSphere Commerce.
- Configure the database to use SSL. See Configure Secure Sockets Layer (SSL) support in a DB2 database.
- Extract the certificate that was created in the previous step, and copy it to the WebSphere Commerce environment. SSL uses the certificate to connect the database to WebSphere Commerce utilities.
Procedure
- Configure the database connection for the Transaction server.
  - Import the database server certificate for the Transaction server:
    - Open the WebSphere Application Server administrative console.
    - Go to Security > SSL certificate and key management > Key stores and certificates > {select a resource} > Signer certificates > Retrieve from port.
    - Click Retrieve from port.
    - Enter the host name and security port of the database server.
    - Type an alias name for the certificate.
    - Click Retrieve signer information.
    - Click OK to save the configuration.
  - Configure the data source to support SSL for the Transaction server.
    - Select Resources > JDBC > Data sources.
    - Select WCDataSource in the data source list.
    - Update the port number in the Common and required data source properties section. Enter the value of the security port that you set in the database server.
    - Click Apply.
    - In the Additional Properties section, select Custom properties.
    - Click New.
    - Enter sslConnection in the Name field, and enter 'true' in the Value field.
    - Click OK to save the configurations.
- Configure the database connection for the Search server. Repeat these steps to configure the database connection for the Search server.
  - Import the database server certificate for the Search server. See Importing certificates from a local JSON file.
  - Configure the data source to support SSL on the Search server.
- Restart the Test server and the Search server.
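To confirm that the data source changes from the procedure were actually saved, the following added example (not part of the original page or of any IBM tooling) audits a data source definition in the layout of a WebSphere Application Server resources.xml file. The embedded XML is a constructed, simplified sample, and the host name, port values and the function name audit_datasource are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified sample in the layout of a resources.xml file.
# The host name and port 50000 are placeholders, not values from the page.
SAMPLE_RESOURCES_XML = """<xmi:XMI xmlns:xmi="http://www.omg.org/XMI"
    xmlns:resources.jdbc="http://www.ibm.com/websphere/appserver/schemas/5.0/resources.jdbc.xmi">
  <resources.jdbc:JDBCProvider name="DB2 provider (constructed)">
    <factories xmi:type="resources.jdbc:DataSource" name="WCDataSource">
      <propertySet>
        <resourceProperties name="serverName" value="db.example.test"/>
        <resourceProperties name="portNumber" value="50000"/>
      </propertySet>
    </factories>
  </resources.jdbc:JDBCProvider>
</xmi:XMI>"""


def audit_datasource(xml_text, ssl_port, name="WCDataSource"):
    """Return findings for the named data source; an empty list means
    the port and the sslConnection custom property match the procedure."""
    root = ET.fromstring(xml_text)
    for elem in root.iter("factories"):
        if elem.get("name") != name:
            continue
        # Collect every property of this data source as name -> value.
        props = {p.get("name"): (p.get("value") or "").strip()
                 for p in elem.iter("resourceProperties")}
        findings = []
        # A missing property or any value other than true leaves the
        # connection unencrypted.
        if props.get("sslConnection", "").lower() != "true":
            findings.append("sslConnection is not set to true")
        # sslConnection alone is not enough: the port must also be the
        # security port configured on the database server.
        if props.get("portNumber") != str(ssl_port):
            findings.append("portNumber %r is not the database security port %s"
                            % (props.get("portNumber"), ssl_port))
        return findings
    return ["data source %s not found" % name]


if __name__ == "__main__":
    # 50001 stands in for the security port set on the database server.
    for finding in audit_datasource(SAMPLE_RESOURCES_XML, 50001):
        print("FINDING:", finding)
```

Run the same check against the Search server's data source definition by passing its data source name in the name argument.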
Related concepts
General Data Protection Regulation (GDPR) and WebSphere Commerce