Obtaining and Installing an SSL Certificate¶
Consider checking the Denodo SSL/TLS Configurator Script before following the steps detailed in this section.
Before enabling SSL in the Solution Manager servers and clients, you need to create a keystore with a key pair (a public key and associated private key) and a certificate.
The Denodo SSL/TLS Configurator Script can generate the keystore and import the required certificates into the corresponding truststore in some scenarios (when a PKCS #12 bundle or a set of PEM-encoded key and certificate files are available).
Alternatively, to generate a new keystore, follow one of these options:
If you do not have an SSL private key, you can create a keystore with a self-signed private key.
If you do not have an SSL private key, you can send a request to a certificate authority (CA) and create a keystore with the certificate reply.
If you already have a keystore file (usually, this file has the extension “jks”), jump to the next section.
If you already generated a keystore for a Denodo server, you can reuse that keystore and its
cacerts file. To do this manually:
Copy the keystore from the Denodo server installation (e.g.
C:/denodo/denodo_server_key_store.jks) to the installation of the Solution Manager.
Replace the cacerts file of the Solution Manager (
<SOLUTION_MANAGER_HOME>/jre/lib/security/cacerts) with the cacerts file of the Denodo server installation (
<DENODO_HOME>/jre/lib/security/cacerts). This second step is important, to make sure that the Solution Manager trusts the private key inside the keystore.