Filr Administrator can now enable or disable database communication encryption between the Filr server and the database.
The Database Connection page on the Appliance Console now includes a new option Encrypt Database Communication that enables you to encrypt the database communication from the Filr server. This option is disabled by default. Before selecting this option, you must ensure that the settings for your database are enabled to allow encryption of the communication from the database server to the Filr server.
To enable the database communication encryption between the Filr server and the database server, you must first configure your database settings to support communication encryption followed by configuring the settings on the Filr server.
Refer to the following database-specific documentation to enable the database communication encryption from the database server to the Filr server:
For MS SQL If you are using the MS SQL server, perform the following steps to secure the database communication:
Configure SQL Server to use certificates.
Configure encryption settings in SQL Server.
Ensure that the server certificate is created with the SHA256 algorithm. For more information, see Configure SQL Server Database Engine for encryption - SQL Server | Microsoft Learn.
Export the certificate from the MSSQL Server Certificate. For more information, see SQL Server | Microsoft Learn.
Import certificate in Filr - Importing the Root Certificate into the Java Keystore. For more information, see LDAP Synchronization Security - OpenText Filr 23.4: Maintenance Best Practices Guide.
For Postgres Server: If you are using the Postgres server, perform the following steps to secure the database communication:
NOTE:While configuring, ensure that the Postgres database server with Filr appliance uses the Postgres server hostname.
Configure Postgres Server to use certificates. For more information, see Create certificates section.
Configure PostgreSQL Server for SSL by editing the Postgres conf file with required certificates. For more information, see Setting up SSL.
Configure pg_hba file for SSL. For more information, see hostssl.
Restart the Postgres server.
MariaDB Server: From MariaDB 11.4, SSL is now enabled in the server by default. If not, do the following for enabling the SSL and configuring the server.
For MySQL Server: SSL certificates are automatically generated for MySQL under /var/lib/mysql folder in MySQL.
For more information about configuring SSL in MySQL server, see here.
Before you configure your Filr server to enable database communication encryption from the Filr server to the database, you must ensure that you have configured your database to enable encryption from the database server to the Filr server. See Configuring the Database Settings.
To configure the Filr server to encrypt data:
Log in to the Filr appliance at https://server_url:9443.
Click Configuration > Database.
Select the Encrypt Database Communicationcheckbox to enable encryption from the Filr server.
A message that you must have the encryption from the database server already enabled pops up. Ensure that the encryption from the database server is enabled and then click OK.
Click OK, then click Reconfigure Filr Server for your changes to take effect.
This stops and restarts your Filr server. Because this results in server downtime, you should restart the server at off-peak hours.
NOTE:To disable the data encryption between the Filr server and the database server, you must first disable the secure database communication and then deselect the Encrypt Database Communication option. For information about configuring the database settings, see Configuring the Database Settings.