Encrypting traffic from Service Now App to DB Server (SSL Over JDCB) for on-premise instance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2020 01:52 AM
Hi,
We are currently looking at encrypting the communication between Service Now Nodes and the DataBase server. (On-premise instance)
We are giving it a try with MariaDB
The steps seem pretty straight forward.
1- Define the SSL CA Cert, Server Cert, and Server Keys
2 - Define the Client Cert and Client Key
Then we configure the Server and the Client this way :
[server]
ssl-ca=/etc/mariadbssl/ca-cert.pem
ssl-cert=/etc/mariadbssl/server-cert.pem
ssl-key=/etc/mariadbssl/server-key.pem
[client]
ssl-cert=/etc/mariadbssl/client-cert.pem
ssl-key=/etc/mariadbssl/client-key.pem
However, we are not sure where to put this Client configuration
[client]
ssl-cert=/etc/mariadbssl/client-cert.pem
ssl-key=/etc/mariadbssl/client-key.pem
Do we need to create a new file in: /glide/nodes/node01/conf/overried.d to include this configuration ?
Thank you in advance for the clarification.
Has anyone managed to achieve this?
Thank you in advance for the help.
Kind Regards,
Samir
- Labels:
-
Best Practices
-
Reference Architecture
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2020 04:22 AM
Amazing !! that seems to be exactly what I need 🙂
I will give it a try next week and keep you informed.
Thank you so much !
Kind Regards,
Samir
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2020 07:12 AM
Good. Let us know if it works and remember to mark the correct answer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2020 08:10 AM
Samir,
In process of configuring the same but there is no documentation out there.
we have enabled mariadb to enable ssl. I created a new .properties file mariadb-ssl.properties and added the two parameters above. I am not sure how to check to see if the connection is ssl. I did not see anything in the sn log file.
Did you get this to work?
Does the file in the override.d folder have to be the name you gave it above? I think it said a file with .properties extension is only needed.
Thanks
Arun
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-13-2022 08:28 AM
We have a similar requirement for securing our SN instances. Any chance we can get the documentation you are referring to with the configuration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-13-2022 08:36 AM
Hm... I am in a different role/team by now. Not sure how much this has evolved and what we can share on the community or not. I would recommend to reach out to your account team and ask for on prem support. There are some real geniuses i.e. in the platform archiect team.
