Setting up One-Way SSL and Two-Way SSL Connection for SQL Connector
Prerequisites
Before you set up ThingWorx Flow for one-way SSL or two-way SSL connections for SQL Connector, configure your database for one-way SSL or two-way SSL connections.
 |
If you specify the IP address, instead of the host name for certificate CN (common name) in the database certificates, then the one-way SSL or two-way SSL connection fails.
|
Steps
According to your database, use the appropriate section to set up one-way SSL and two-way SSL connections:
• Oracle
PostgreSQL, SQL Server, and MySQL databases
1. The value of the secret parameter (CONFIG_IMAGE) variable is used to decrypt the TrustStore. To obtain the value of the secret parameter, start Command Prompt as Administrator on the machine where you installed ThingWorx Flow, and run the following commands:
a. pm2 ls
Make note of the value of the ID of any ThingWorx Flow service.
b. pm2 env <ID>
, where <ID> is the ID of any ThingWorx Flow service. For example: the ID of the flow-api service.
c. Copy the value of the CONFIG_IMAGE variable.
2. Run the following command:
<ThingWorx Flow Installation Directory>\cryptography\tw-security-common-nodejs npm link
3. Run the following command to add the database CA certificate and the client certificate public and private keys to the TrustStore:
PtcOrchKeyFileTool set --keyName <Database Certificate Key Name> --keyPath <Path to Database Certificate File> --configPath <Absolute path to the config.json file of any Flow Service> --secret <Secret to decrypt the TrustStore>
Make note of the values of the keyName parameter. It provides values for the following fields while configuring a One-Way SSL or Two-Way SSL connection:
▪ Key for CA Certificate
▪ Key For Client Certificate Public Key
▪ Key For Client Certificate Private Key
4. Restart the ThingWorx and ThingWorx Flow server.
Oracle database
1. On the machine where the ThingWorx Flow server is installed, follow this link to install the Oracle 11.2 client libraries to enable connection to the Oracle database.
2. Extract the Oracle 11.2 client libraries to any directory, and create the /network/admin folders inside the extracted Oracle 11.2 client library directory.
3. Create the following files in the <OracleClientLibrary>/network/admin folder:
Provide the correct host and port values.
Provide the correct location of the Oracle Wallet.
4. In addition, you must complete the steps at Prerequisites for using Oracle database.
You have successfully set up ThingWorx Flow for one-way or two-way SSL connection for SQL connector.
You can now add a One-Way or Two-Way SSL connection for any SQL connector action. For more information, see Supported SQL Connector Types.