Obtaining and Installing an SSL Certificate

Note

Consider checking the Denodo SSL/TLS Configurator Script before following the steps detailed in this section.

Before enabling SSL in the Solution Manager servers and clients, you need to create a keystore with a key pair (a public key and associated private key) and a certificate.

The Denodo SSL/TLS Configurator Script can generate the keystore and import the required certificates into the corresponding truststore in some scenarios (when a PKCS #12 bundle or a set of PEM-encoded key and certificate files are available).

Alternatively, to generate a new keystore, follow one of these options:

  1. If you do not have an SSL private key, you can create a keystore with a self-signed private key.

  2. If you do not have an SSL private key, you can send a request to a certificate authority (CA) and create a keystore with the certificate reply.

  3. If you have a PFX file with the private key, create a keystore with its content (the Denodo SSL/TLS Configurator Script can also do this).

  4. If you already have a keystore file (usually, this file has the extension “jks”), jump to the next section.

If you already generated a keystore for a Denodo server, you can reuse that keystore and its cacerts file. To do this manually:

  1. Copy the keystore from the Denodo server installation (e.g. C:/denodo/denodo_server_key_store.jks) to the installation of the Solution Manager.

  2. Replace the cacerts file of the Solution Manager (<SOLUTION_MANAGER_HOME>/jre/lib/security/cacerts) with the cacerts file of the Denodo server installation (<DENODO_HOME>/jre/lib/security/cacerts). This second step is important, to make sure that the Solution Manager trusts the private key inside the keystore.

To use the options one, two or three, we are going to use the tool keytool. The keytool documentation for Windows and Linux provides more details about the parameters of this tool.