Document toolboxDocument toolbox

Set up Azure SQL in Certificate Manager

This article is valid for Certificate Manager 8.5 and later.

This article describes how to install and set up the Azure SQL database, used in Smart ID Certificate Manager (CM).

For detailed information about how to install Azure SQL, see the documentation available at https://azure.microsoft.com/en-us/products/azure-sql/database/.

Prerequisites

When Azure SQL is used for the CMDB database, tables and users must be created before the CM server is installed.

  1. Install the Azure SQL database according to the instructions for the downloaded Azure SQL installation package. Name the database instance 'cmdb'. It is recommended to create the database in the same region and to include it to the same virtual network as the virtual machines that will be running CF.

  2. Extract the Azure SQL database scripts create_user.sql and create_cmdb.sql, located at program_files/install/AzureSQL, from the server installation zip file, cm_server_<version>.zip.

Step-by-step instruction

Edit settings on the Azure SQL server

  1. Change the password for the lcmreq user, that will be created by the script below. The default password is REQreq01.

  2. Login as a user with administrative rights. It will be used to execute the scripts.

  3. On the master database, run the script that creates the lcmreq login:

    create_login.sql
  4. Check the log file and verify that the script was successful.

  5. On the CMDB database, run the script for creating the CMDB tables:

    create_cmdb.sql
  6. Check the log file and verify that the script was successful.

Edit settings on the CM server

When installing the CM server, include the SQLServer JDBC component to create the database connection parameters, which are stored in the cm.conf configuration file.

Secure the connection

  • TLS is enforced on the server side by default on Azure SQL databases.

  • The parameters for the JDBC connection URL that is created in the cm.conf configuration file during the CM installation, is going to work with the Azure SQL database.

  • The driver will initiate the TLS certificate exchange.

The server's TLS certificate will not be validated, but the entire communication will be encrypted. You can find further information on customizing the connection URL in the cm.conf and thus the TLS (for example, validating the server's certificate etc.) here: 
https://docs.microsoft.com/en-us/sql/connect/jdbc/understanding-ssl-support?view=sql-server-ver15

Additional information

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions