MySQL

Mirth® Connect by NextGen Healthcare User Guide

PostgreSQL

The simplest way to enable SSL/TLS traffic is to add "ssl=true" to your JDBC URL. For example: jdbc:postgresql://localhost:5432/mirthdb?ssl=true There is also an "sslmode" property you can use for more granular options: jdbc:postgresql://localhost:5432/mirthdb?sslmode=verify-full And many other options as well. Consult these online documentation pages for more information: https://www.postgresql.org/docs/current/ssl-tcp.html https://jdbc.postgresql.org/documentation/ssl https://jdbc.postgresql.org/documentation/head/connect.html#ssl Parent topic: Connect to Database using SSL/TLS

Mirth® Connect by NextGen Healthcare User Guide

SQL Server

Using the built-in jTDS JDBC driver, you can enable SSL/TLS by using the "ssl" option: jdbc:jtds:sqlserver://localhost:1433/mirthdb?ssl=authenticate The above option will require SSL/TLS traffic and require that the server certificate is trusted. If you want to accept self-signed certs, you can reduce the security level and use "ssl=require" instead. Using the Microsoft JDBC driver, you can enable SSL/TLS by using the "encrypt" option: jdbc:sqlserver://localhost:1433;databaseName=mirthdb;encrypt=true;trustServerCertificate=true Consult these online documentation pages for more information: http://jtds.sourceforge.net/faq.html https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-encrypted-connections-to-the-database-engine https://docs.microsoft.com/en-us/sql/connect/jdbc/using-ssl-encryption Parent topic: Connect to Database using SSL/TLS

Mirth® Connect by NextGen Healthcare User Guide

Importing the Database Server Certificate

If the certificate your database is using is self-signed or not signed by a common trusted Certificate Authority (CA), then you will likely need to import that certificate into your default Java truststore in order to connect to your database using SSL/TLS. Your default Java truststore is typically the "cacerts" JKS file that usually resides inside your Java installation folder under "jre/lib/security", and the default password is "changeit". You can also override the default truststore by supplying the "-Djavax.net.ssl.trustStore" JVM option into the mcserver.vmoptions or mcservice.vmoptions files. Using keytool: keytool -importcert -keystore /path/to/javahome/jre/lib/security/cacerts -storepass changeit - alias myalias - file /path/to/cert/server .crt -noprompt Make sure to change the paths and alias above as needed. Depending on your permissions you may need to perform this as sudo/Administrator to edit the Java cacerts truststore. You can also use a GUI tool like Portecle to import

Mirth® Connect by NextGen Healthcare User Guide

Oracle

By default SSL/TLS is not used when connecting to Oracle via the JDBC thin client. To enable it, use the protocol TCPS in the expanded URL syntax: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=xe))) Note that the Oracle server must first be configured to support that TCPS protocol as well. Consult these online documentation pages for more information: https://docs.oracle.com/database/121/DBSEG/asossl.htm#DBSEG074 https://docs.oracle.com/en/database/oracle/oracle-database/20/jjdbc/client-side-security.html#GUID-2BD2F189-A58C-4A85-8524-CFD9BB9AC575 Parent topic: Connect to Database using SSL/TLS

Mirth® Connect by NextGen Healthcare User Guide

Connect to Database using SSL/TLS

By default, Mirth® Connect is configured to connect to an embedded Apache Derby database for quick deployment, development, and testing. When using Mirth® Connect in production environments, we recommend changing the underlying database to one of the supported servers: PostgreSQL 8.3+ MySQL 5.6+ Oracle 10gR2+ SQL Server 2005+ There is more information on changing the database type here: Changing the Database Type And more information about configurable options in mirth.properties here: mirth.properties File Typically these database connections are not encrypted by default. The instructions to enable SSL/TLS traffic for database connections differ depending on the database and JDBC driver you are using. Here are some instructions for each of the supported backend databases. For more information, consult the manuals for the specific database and JDBC driver you are using. Importing the Database Server Certificate PostgreSQL MySQL Oracle SQL Server Parent topic: Secure Installation and De

Mirth® Connect by NextGen Healthcare User Guide

Editing the Properties File Directly for Windows, Linux, and Mac

Navigate to the directory where you installed Mirth® Connect. Open the mirth.properties file inside the conf folder. Edit the following properties as needed: database: The type of database server to connect to (derby, mysql, postgres, oracle, sqlserver) database.url: The JDBC URL connection string If you need to connect using SSL/TLS, typically this is where you would add additional options to the URL. See Connect to Database using SSL/TLS for additional information. database.driver: If you need to use a custom JDBC Driver class, enter that fully-qualified class name here. database.username: Username for the database connection. database.password: Password for the database connection. Save the file. Parent topic: Change Database Settings

MySQL

Recommendations

PostgreSQL

SQL Server

Importing the Database Server Certificate

Oracle

Connect to Database using SSL/TLS

Editing the Properties File Directly for Windows, Linux, and Mac

PostgreSQL

SQL Server

Importing the Database Server Certificate

Oracle

Connect to Database using SSL/TLS

Editing the Properties File Directly for Windows, Linux, and Mac