Saviynt Forums

Amar_Simha · ‎03/05/2024

Hi Team,

We are looking to have SSL connectivity between Saviynt and target database system. I am looking for following details regarding the same. please share your views.

1. JDBC URL modifications required for enabling SSL connectivity.

2. Certificate requirements and supported formats. Also is there an option to automate certificate expiry notification.?

3. Validating that the data is being transmitted via SSL connectivity.

4. Any dependencies or configuration changes required on SC 2.0

AmitM · ‎03/05/2024

Hi @Amar_Simha , please find the doc (Search SSL Certificate) - https://docs.saviyntcloud.com/bundle/Database-v24x/page/Content/Configuring-the-Integration-for-Impo...

Cert management and expiry notification details - https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter07-General-Administrator/Cer...

No specific changes on SC2 , except making sure connectivity between SC2 client and DB server on SSL port.

You could ask DBA team to force SSL and not allow non ssl. And if you can talk to it means it is via SSL/TLS.

Thanks,

Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.

Amar_Simha · ‎03/06/2024

Thanks @AmitM for response.

making sure connectivity between SC2 client and DB server on SSL port. - How can we test this part?

Also, I could not find any JDBC URL related changes in the document links provided by you. please confirm.

AmitM · ‎03/06/2024

There are no JDBC URL related changes for going SSL. It is same as non-ssl.

making sure connectivity between SC2 client and DB server on SSL port. - How can we test this part?

Ask your DB team on which port this service is running and telnet Database IP port from SC2 client

Thanks,

Amit

Amar_Simha · ‎03/08/2024

@AmitM : Thank you for the reply.

There are no JDBC URL related changes for going SSL. It is same as non-ssl. - Just trying to understand, how does SSL connectivity invoked if JDBC changes are not required.? Is it like if certificate is attached to connection, Saviynt tries SSL connectivity.?

Could you please help in understanding the process.? Thanks

AmitM · ‎03/08/2024

Hi @Amar_Simha , it is combination of JDK, JDBC and DB server doing their stuff.

You need cert from db server and have it stored in client (SAviynt), in your connector if you have mentioned SSL, Then client/Saviynt will take the cert to JDBC driver when trying to talk to server.

Then JDBC driver will take care of it.

Thanks,

Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.

Amar_Simha · ‎03/08/2024

@AmitM : Thank you very much for your detailed explanation and pardon me for continuous queries.

You need cert from db server and have it stored in client (SAviynt), in your connector if you have mentioned SSL, Then client/Saviynt will take the cert to JDBC driver when trying to talk to server.

[Amar] - From the above underlined statement, we need to mention SSL somewhere? If yes, can you help us where? Is it just adding certificate at connection level?

AmitM · ‎03/08/2024

Amar_Simha · ‎03/08/2024

Thank you @AmitM !!

rushikeshvartak · ‎03/10/2024

Below are configs

Connection properties - { "sslConnection" : "true", "trustServerCertificate" : "true" , "encrypt" : "true"}

Refer below doc

https://docs.saviyntcloud.com/bundle/Database-v24x/page/Content/Preparing-for-Integration-v2022.htm

Setting Up a Secure Connection with the Database

You can force all connections to your database instance to use SSL, or you can encrypt connections from specific client computers. To use SSL from a specific client, you must obtain certificates for the client computer, import certificates on the client computer, and then encrypt the connections from the client computer.

To create an SSL connection:

Enable the SSL connection on the client database.
Import the database certificate provided by the client database team into the EIC keystore <location>.
You can use the user interface to map the SSL certificate with the connection. The certificates are stored in the EIC trust store. For more information, see Certificate Management in the Enterprise Identity Cloud Administration Guide.
Update the connection string to enforce the SSL connection.
jdbc:sqlserver://<hostname>:<portnumber>;databasename=<dbname>;encrypt=true;trustServerCertificate=false

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Amar_Simha · ‎03/11/2024

Thanks @rushikeshvartak @AmitM : I did try with these properties and have not uploaded certificate into Saviynt yet. Still connection is successful, is this an expected one? Shouldn't it be erroring the connection?

Just to add, I am trying with snowflake db.

rushikeshvartak · ‎03/11/2024

I tested this but never worked for me 🙂

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Amar_Simha · ‎03/12/2024

@rushikeshvartak : so you mean we cannot enable SSL connectivity to Databases (snowflake in this case)?

rushikeshvartak · ‎03/12/2024

I have tested for MSSQL not for snowflake you can try

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Amar_Simha · ‎03/13/2024

Alright, thank you!

Saviynt Forums

SSL connection to Database

Setting Up a Secure Connection with the Database