Enable SSL Connections in the Denodo Platform Servers¶
This section explains how to secure with SSL (TLS) the connections between the Denodo Platform servers, their administration tools and their clients. If you do not need this, jump to the section Postinstallation Tasks in Virtual DataPort. To know how to establish SSL connections with data sources, go to section Importing the Certificates of Data Sources (SSL Connections).
Although in this document we will refer to SSL, you are actually enabling the encryption protocol TLS (Transport Layer Security), which is the successor of SSL.
SSL requires configuring certificate repositories. There are two types of certificate repositories:
An application that listens to incoming SSL connections needs a public key and a private key in order to allow clients to access the server. In Java, these keys are stored in a repository called KeyStore.
During the initialization of an SSL connection, the server sends its SSL certificate to the client. The client must then decide if it trusts this or not. To do this, the client checks if the certificate has been signed by a trusted certification authority (CA). The TrustStore is a repository of the certificates of trusted certification authorities.
Every Java installation comes with a TrustStore that the JRE uses by
<DENODO_HOME>/jre/lib/security/cacerts file). If the server’s
certificate is not signed by a trusted authority (i.e. one that is not
registered in the Java’s TrustStore), you have to store the
certificate of the authority, which can be stored in:
cacertsfile of the JRE used to launch the Denodo Platform servers and their tools (
<DENODO_HOME>/jre/lib/security/cacertsfile). This is the recommended option because adding the certificate of the authority to this file will make the configuration of the Denodo Platform servers easier.
- Or, in a new TrustStore.
Oracle’s Java Development Kit (JDK) ships with a utility called keytool that manages the Certificate Repositories.
These are the steps to enable SSL: