SSL Self-Signed Cert Installation

Applies to: Denodo 8.0, Denodo 7.0, Denodo 6.0
Last modified on: 13 May 2020
Tags: SSL

Goal

This document gives a simple step-by-step walkthrough of how to configure SSL on Denodo Platform installations using a self-signed certificate.

Content

This guide assumes that the DENODO_HOME environment variable is set. All parameters within “<>” characters must be replaced.

Windows

Generate and install a self-signed SSL certificate

Generate new key pair in a key store

"%DENODO_HOME%\jre\bin\keytool" -genkeypair -alias self-signed -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keypass <key password> -keystore <keystore path *.jks> -storepass <keystore password> -storetype jks -validity 365

Export self-signed certificate

"%DENODO_HOME%\jre\bin\keytool" -exportcert -alias self-signed -keystore <keystore path *.jks> -storepass <keystore password> -file <self-signed certificate path *.cer>

Import self-signed certificate into TrustStore

"%DENODO_HOME%\jre\bin\keytool" -importcert -alias self-signed -file <self-signed certificate path *.cer> -keystore "%DENODO_HOME%\jre\lib\security\cacerts" -storepass changeit

Uncomment and change properties in these files:

%DENODO_HOME%\conf\vdp\VDBConfiguration.properties

com.denodo.security.ssl.enabled=true

com.denodo.security.ssl.keyStore=<client keystore path *.jks>

com.denodo.security.ssl.keyStorePassword=<client keystore password>

com.denodo.security.ssl.trustStore=%DENODO_HOME%/jre/lib/security/cacerts

%DENODO_HOME%\conf\vdp-admin\VDBAdminConfiguration.properties

com.denodo.security.ssl.trustStore=%DENODO_HOME%/jre/lib/security/cacerts

%DENODO_HOME%\resources\apache-tomcat\conf\tomcat.properties

com.denodo.tomcat.https.port=9443

com.denodo.security.ssl.enabled=true

com.denodo.security.ssl.keyStore=<client keystore path *.jks>

com.denodo.security.ssl.keyStorePassword=<client keystore password>

com.denodo.security.ssl.trustStore=%DENODO_HOME%/jre/lib/security/cacerts

com.denodo.security.ssl.trustStorePassword=changeit

Comment out the non-SSL Connector and uncomment the SSL Connector in the file %DENODO_HOME%\resources\apache-tomcat\conf\server.xml (server.xml.template for Denodo versions prior to 6.0)

<!-- Define a non-SSL HTTP/1.1 Connector -->

<!--<Connector port="${com.denodo.tomcat.http.port}" … />-->

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

<Connector port="${com.denodo.tomcat.https.port}" … />

After enabling port 9443 and disabling port 9090, the port number of the Data Catalog registered in the Solution Manager must be changed as well. See the section Creating Servers of the Solution Manager Administration guide.

Linux

Generate and install a self-signed SSL certificate

Generate new key pair in a key store

"$DENODO_HOME/jre/bin/keytool" -genkeypair -alias self-signed -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -keypass <key password> -keystore <keystore path *.jks> -storepass <keystore password> -storetype jks -validity 365 -dname "CN=<CommonName>,OU=<OrganizationalUnit>,O=<Organization>,L=<Locality>,ST=<StateOrProvinceName>,C=<CountryName>"

Export self-signed certificate

"$DENODO_HOME/jre/bin/keytool" -exportcert -alias self-signed -keystore <keystore path *.jks> -storepass <keystore password> -file <self-signed certificate path *.cer>

Import self-signed certificate into TrustStore

"$DENODO_HOME/jre/bin/keytool" -importcert -alias self-signed -file <self-signed certificate path *.cer> -keystore "$DENODO_HOME/jre/lib/security/cacerts" -storepass changeit

Uncomment and change properties in these files:

$DENODO_HOME/conf/vdp/VDBConfiguration.properties

com.denodo.security.ssl.enabled=true

com.denodo.security.ssl.keyStore=<client keystore path *.jks>

com.denodo.security.ssl.keyStorePassword=<client keystore password>

com.denodo.security.ssl.trustStore=$DENODO_HOME/jre/lib/security/cacerts

$DENODO_HOME/conf/vdp-admin/VDBAdminConfiguration.properties

com.denodo.security.ssl.trustStore=$DENODO_HOME/jre/lib/security/cacerts

$DENODO_HOME/resources/apache-tomcat/conf/tomcat.properties

com.denodo.tomcat.https.port=9443

com.denodo.security.ssl.enabled=true

com.denodo.security.ssl.keyStore=<client keystore path *.jks>

com.denodo.security.ssl.keyStorePassword=<client keystore password>

com.denodo.security.ssl.trustStore=$DENODO_HOME/jre/lib/security/cacerts

com.denodo.security.ssl.trustStorePassword=changeit

Comment out the non-SSL Connector and uncomment the SSL Connector in the file $DENODO_HOME/resources/apache-tomcat/conf/server.xml (server.xml.template for Denodo versions prior to 6.0)

<!-- Define a non-SSL HTTP/1.1 Connector -->

<!--<Connector port="${com.denodo.tomcat.http.port}" … />-->

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

<Connector port="${com.denodo.tomcat.https.port}" … />

After enabling port 9443 and disabling port 9090, the port number of the Data Catalog registered in the Solution Manager must be changed as well. See the section Creating Servers of the Solution Manager Administration guide.
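
The following check is an added example, not part of the Denodo guide: it lints the three properties files edited in the Windows and Linux sections for keys that are still commented out, values that still hold a <placeholder>, and Windows keystore paths written with single backslashes. It assumes the files follow java.util.Properties escaping rules; the function names and sample file contents are constructed for illustration.

```python
import re

P = "com.denodo.security.ssl."
SSL_KEYS = [P + "enabled", P + "keyStore", P + "keyStorePassword", P + "trustStore"]
REQUIRED = {  # files (relative to DENODO_HOME) and keys the guide edits
    "conf/vdp/VDBConfiguration.properties": SSL_KEYS,
    "conf/vdp-admin/VDBAdminConfiguration.properties": [P + "trustStore"],
    "resources/apache-tomcat/conf/tomcat.properties":
        SSL_KEYS + [P + "trustStorePassword", "com.denodo.tomcat.https.port"],
}

def parse_properties(text):
    """Return active key/value pairs; lines starting with # or ! are comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(files):
    """files maps relative path -> file text; returns a list of findings."""
    findings = []
    for path, keys in REQUIRED.items():
        props = parse_properties(files.get(path, ""))
        for key in keys:
            value = props.get(key)
            if value is None:
                findings.append(f"{path}: {key} missing or still commented out")
            elif re.search(r"<[^>]*>", value):
                findings.append(f"{path}: {key} still contains a <placeholder>")
            elif key.endswith("Store") and re.search(r"(?<!\\)\\(?!\\)", value):
                # Assumption: java.util.Properties escaping, "\" starts an escape.
                findings.append(f"{path}: {key} has an unescaped backslash")
        if props.get(P + "enabled", "true").lower() != "true":
            findings.append(f"{path}: {P}enabled is not true")
    return findings

# Constructed sample: tomcat.properties left half-edited on Windows.
TRUST = P + "trustStore=C:/denodo/jre/lib/security/cacerts"
VDP = "\n".join([P + "enabled=true", P + "keyStore=C:/denodo/ks.jks",
                 P + "keyStorePassword=example-only", TRUST])
TOMCAT = "\n".join(["com.denodo.tomcat.https.port=9443", "#" + P + "enabled=true",
                    P + r"keyStore=C:\denodo\ks.jks", TRUST,
                    P + "keyStorePassword=<client keystore password>",
                    P + "trustStorePassword=changeit"])
SAMPLE = dict(zip(REQUIRED, (VDP, TRUST, TOMCAT)))
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

To run it against a real installation, read each file under DENODO_HOME into the dictionary passed to lint() in place of SAMPLE.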
