Below is the procedure to configure Maximo with Microsoft SQL Server:
1. Configure IBM HTTP Server to disable less secure protocols
1.1 Open the httpd.conf file under IBM\HTTPServer\conf\
1.2 Add SSLProtocolDisable SSLv2 SSLv3 TLSv10 TLSv11 inside the SSL configuration part between <VirtualHost *:443> and </VirtualHost>
2. Modify the WebSphere client properties files to force the use of TLS 1.2
2.1 Open the ssl.client.props file for the deployment manager under IBM\WebSphere\AppServer\profiles\ctgDmgr01\properties\
2.2 Set com.ibm.ssl.protocol to the value com.ibm.ssl.protocol=TLSv1.2 and save the file
2.4 Set com.ibm.ssl.protocol to the value com.ibm.ssl.protocol=TLSv1.2 and save the file
3. Configure WebSphere SSL configuration to only allow TLS 1.2
3.1 Log in to the WebSphere admin console
3.2 Stop all WebSphere Application Server processes
3.3 Expand Security → SSL certificate and key management
3.4 Click SSL configuration under Related Item
3.5 Click CellDefaultSSLSettings
3.6 Click Quality of protection (QoP) settings
3.7 Pull down Protocol and select SSL_TLSv2 to only allow TLS 1.2
3.8 Save the change
3.9 Repeat 3.5 to 3.8 for NodeDefaultSSLSettings and XDADefaultSSLSettings
4. Update application server generic JVM argument
4.1 Still in WebSphere admin console
4.2 Expand Servers → Server Types → WebSphere Application Server
4.3 Click MXserver
4.4 Click Java and Process Management → Process definition under Server Infrastructure
4.5 Click Java Virtual Machine under Additional Properties
4.6 Add the argument -Dcom.ibm.jsse2.overrideDefaultTLS=true to Generic JVM arguments
4.7 Click OK, then click Save in the message box to save to the master configuration
5. Update JDBC driver
The JDBC driver has allowed the SSL protocol to be set in the connection string since version 6.4, so we should update to version 6.4 or higher of the driver.
https://docs.microsoft.com/en-us/sql/connect/jdbc/download-microsoft-jdbc-driver-for-sql-server?view=sql-server-ver15
5.1 Download the updated JDBC driver for Maximo
5.2 Extract the downloaded driver
5.3 Rename jdbc-xxxx.jar to sqljdbc.jar; refer to the Maximo Java runtime version to decide which jar to rename.
https://www.ibm.com/support/pages/what-version-jdk-supported-maximo-76
5.4 Copy the driver sqljdbc.jar to IBM\SMP\maximo\applications\maximo\lib and replace the existing file.
6. Modify JDBC connection string in maximo.properties
6.1 Open the file maximo.properties under IBM\SMP\maximo\applications\maximo\properties
6.2 Add the properties encrypt=true;trustServerCertificate=true;sslProtocol=TLSv1.2; to the end of the JDBC connection string
6.3 Follow the guide to encrypt maximo.properties
6.4 Rebuild and deploy the maximo.ear
If the log still shows an error like the one below:
BMXAA6806I - Reading the properties file maximo.properties.
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:2397)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1762)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1977)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:1628)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:1459)
Update the IBM JDK by applying the latest fix pack from the links below:
https://developer.ibm.com/javasdk/support/fixes/sdk7/
https://developer.ibm.com/javasdk/support/fixes/sdk8/
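An added example (not part of the original post and not IBM or Microsoft tooling): a small Python audit of the text settings from steps 1.2, 2.2 and 6.2, run over constructed sample inputs. The function names, host name and sample file contents are assumptions; it also reports trustServerCertificate=true, because with that setting the Microsoft JDBC driver does not validate the SQL Server certificate.

```python
import re

WEAK = {"SSLv2", "SSLv3", "TLSv10", "TLSv11"}  # protocols step 1.2 disables

def weak_protocols_left(httpd_conf):
    """Weak protocols not disabled inside <VirtualHost *:443> (step 1.2)."""
    block = re.search(r"<VirtualHost \*:443>(.*?)</VirtualHost>", httpd_conf, re.S | re.I)
    disabled = set()
    for line in (block.group(1).splitlines() if block else []):
        words = line.split()
        if words and words[0].lower() == "sslprotocoldisable":
            disabled.update(words[1:])
    return sorted(WEAK - disabled)

def client_protocol(props_text):
    """Effective com.ibm.ssl.protocol; the last assignment in the file wins."""
    value = None
    for line in props_text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and key.strip() == "com.ibm.ssl.protocol":
            value = val.strip()
    return value

def jdbc_findings(url):
    """Check the connection-string properties from step 6.2."""
    props = {}
    for part in url.split(";")[1:]:
        key, sep, val = part.partition("=")
        if sep:
            props[key.strip().lower()] = val.strip()
    out = []
    if props.get("encrypt", "").lower() != "true":
        out.append("encrypt is not true")
    if props.get("sslprotocol") != "TLSv1.2":
        out.append("sslProtocol is not TLSv1.2")
    if props.get("trustservercertificate", "").lower() == "true":
        out.append("trustServerCertificate=true skips certificate validation")
    return out

# Constructed sample inputs (not taken from a real system).
HTTPD = "<VirtualHost *:443>\nSSLEnable\nSSLProtocolDisable SSLv2 SSLv3\n</VirtualHost>\n"
PROPS = "#com.ibm.ssl.protocol=TLSv1.2\ncom.ibm.ssl.protocol=SSL_TLS\n"
URL = ("jdbc:sqlserver://db.example.test:1433;databaseName=maxdb;"
       "encrypt=true;trustServerCertificate=true;sslProtocol=TLSv1.2;")

if __name__ == "__main__":
    print("httpd.conf weak protocols still enabled:", weak_protocols_left(HTTPD))
    print("ssl.client.props protocol:", client_protocol(PROPS))
    print("JDBC findings:", jdbc_findings(URL))
```

Run it against the real httpd.conf, ssl.client.props and the unencrypted JDBC URL before step 6.3; an empty list and TLSv1.2 are the expected results for a hardened setup.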
Thank you.
Is it suitable for Maximo 7.5? The error log shows the SSL connection cannot be established since I joined the database server to the Windows domain. I guess it is caused by the group policy to disable TLS 1.0 & TLS 1.1