With the release of InterSystems IRIS Cloud SQL, we're getting more frequent questions about how to establish secure connections over JDBC and other driver technologies. While we have nice summary and detailed documentation on the driver technologies themselves, our documentation does not go as far to describe individual client tools, such as our personal favourite DBeaver. In this article, we'll describe the steps to create a secure connection from DBeaver to your Cloud SQL deployment.

8 20
2 732

When using Studio, ODBC or a terminal connection to Caché or Ensemble, you may have wondered how to secure the connection. One option is to add TLS (aka SSL) to your connection. The Caché client applications - TELNET, ODBC and Studio - all understand how to add TLS to the connection. They just need to be configured to do it.

Configuring these clients is easier in 2015.1 and later. I'm going to be discussing this new method. If you're already using the old, legacy method, it will continue to work, but I would recommend you consider switching to the new one.

25 7
3 5.5K

In this post, I am going to detail how to set up a mirror using SSL, including generating the certificates and keys via the Public Key Infrastructure built in to Caché. The goal of this is to take you from new installations to a working mirror with SSL, including a primary, backup, and DR async member, along with a mirrored database. I will not go into security recommendations or restricting access to the files. This is meant to just simply get a mirror up and running.

5 7
0 2.4K

Updated Jan 19th, 2023.

Hi all,

I want to share a quick little method you can use to enable ssl with a self signed certificate on your local development instance of IRIS/HealthShare. This enables you to test https-specific features such as OAuth without a huge lift.

1. Install OpenSSL

Windows     : Download from https://www.openssl.org or other built OpenSSL Binary. 

Debian Linux: $ sudo apt-get -y install openssl

RHEL        : $ sudo yum install openssl
9 6
6 1.7K

There's an easy new way to add certificate authority (CA) certificates to your SSL/TLS configurations on InterSystems IRIS 2019.1 (and 2018.1.2) on Windows and Mac. You can ask IRIS to use the operating system's certificate store by entering:

%OSCertificateStore

in the field for "File containing Trusted Certificate Authority X.509 certificate(s)". Here's an image of how to do this in the portal:

14 4
4 1.3K

In this post, I am going to detail how to set up a mirror using SSL, including generating the certificates and keys via the Public Key Infrastructure built in to InterSystems IRIS Data Platform. I did a similar post in the past for Caché, so feel free to check that out here if you are not running InterSystems IRIS. Much like the original, the goal of this is to take you from new installations to a working mirror with SSL, including a primary, backup, and DR async member, along with a mirrored database. I will not go into security recommendations or restricting access to the files. This is meant to just simply get a mirror up and running. Example screenshots are taken on a 2018.1.1 version of IRIS, so yours may look slightly different.

8 3
4 1.3K

In this article, we will establish an encrypted JDBC connection between Tableau Desktop and InterSystems IRIS database using a JDBC driver.
While documentation on configuring TLS with Java clients covers all possible topics on establishing an encrypted JDBC connection, configuring it with Tableau might be a little bit tricky, so I decided to write it down.

2 3
2 442
Article
· Nov 27, 2017 1m read
Upgrading TLS configurations

Caché will not change the cryptographic settings in an existing TLS configuration when you upgrade. This means that unless you've updated them yourself, you're still using the values from the very first version you started using SSL in.

5 2
0 823
Article
· Aug 26, 2016 2m read
TLS v1.2 support in Caché

Question:

What version of Caché supports TLS v1.2?

Answer:

Caché 2015.2 announced support for TLS v1.1 and v1.2. In this version, the SSL/TLS configuration page provides checkboxes for TLS v1.1 and v1.2, which allows the versions to be configured individually. This allows sites to, for example, require TLS v1.2 only.

Additionally, some earlier versions of Caché provide undocumented support for TLS v1.1 and v1.2, specifically Caché 2014.1.3 and above and 2015.1, on Windows, Linux and Unix.

6 1
0 2.2K
Article
· Nov 23, 2021 4m read
Mutual TLS setup

Hi,

I recently needed to setup an SSL/TLS configuration in IRIS that supported mutual authentication (where the server IRIS is establish a connection to is verified, and, where IRIS is in turn verified by the remote host). After a bit of research and getting it done, I thought it worthwhile to just go over the process I went through in order to potential help others, and save you some time .

4 1
1 764

In this article we are going to see how we can use the WhatsApp instant messaging service from InterSystems IRIS to send messages to different recipients. To do this we must create and configure an account in Meta and configure a Business Operation to send the messages we want.

Let's look at each of these steps in more detail.

Setting up an account on Meta

This is possibly the most complicated point of the entire configuration, since we will have to configure a series of accounts until we can have the messaging functionality.

14 0
4 363

Hi,

I'm posting this for the benefit of others. Not often one changes certificates in Cache, at least in my case. I run a system, that uses certificates to encrypt SOAP messages, and since the last time I ran it, my certificates expired.

So I renewed them using our PKI tool, so far so good. I gave all (3) certificates the same names (and filenames too) as to those expired, thinking that everything would just work fine next time I call the SOAP service.

Unfortunately, I got trapped.

2 0
0 591
Article
· Nov 14, 2016 1m read
openssl for Windows

Question:

Where can I find the openssl command line tool for Windows?

Answer:

The openssl command line utility comes with Unix, but not with Windows. It is used for working with security certificates.

The main site is

https://www.openssl.org/

There are no binaries on this site but in the Community section there is a link for binaries which leads to:

1 0
0 933

I have posted to aid others in diagnosing problem with SSL/TLS connections to superserver port from .NET client executable.

The cache instance this appeared on is quite old - 2011 - so I do not know if Intersystems have added a better error message in a later version

The actual fault was due to the certificate in the %SuperServer SSL/TLS configuration having expired.

The unhelpful message that appeared in the .NET client included the following partial stack trace.

0 0
0 986

This is more for my memory that anything else but I thought I'd share it because it often comes up in comments, but is not in the InterSystems documentation.

There is a wonderful utility called ^REDEBUG that increases the level of logging going into mgr\cconsole.log.

You activate it by

a) start terminal/login

b) zn "%SYS"

c) do ^REDEBUG

6 0
0 1.1K

Several steps should be done in order to secure the connection through xDBC clients to an IRIS Server instance using TLS. Most of the information can be obtained from the documentation about TLS on IRIS here, about configuring the security layer for encrypted connections. In the next paragraphs we will cover an step-by-step guide on how to configure and test the connection using SQL Clients apps using ODBC and JDBC.

2 0
1 391