@alexwoolford
Last active July 27, 2018 05:39
running SDC over HTTPS with self-signed certificates
# creates keystore with a self-signed RSA key pair (replace the example password 'password' in every command below)
keytool -genkey \
-noprompt \
-trustcacerts \
-keyalg RSA \
-alias sdc.woolford.io \
-dname "CN=sdc.woolford.io, OU=woolford.io, O=woolford.io, L=Lafayette, ST=Colorado, C=US" \
-keypass password \
-keystore /etc/sdc/keystore.jks \
-storepass password
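# convert to PKCS12 in place (keytool keeps the original JKS file as /etc/sdc/keystore.jks.old, which still holds the private key)
keytool -importkeystore -srckeystore /etc/sdc/keystore.jks -srcstorepass password -destkeystore /etc/sdc/keystore.jks -deststorepass password -deststoretype pkcs12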
# exports certificate from the keystore
keytool -export -alias sdc.woolford.io -storepass password -file /tmp/sdc.woolford.io.cer -keystore /etc/sdc/keystore.jks
# create truststore and import certificate
keytool -import -v -trustcacerts -alias sdc.woolford.io -file /tmp/sdc.woolford.io.cer -keystore /etc/sdc/truststore.jks -keypass password -storepass password -noprompt
# copy the CA certs from jre/lib/security/cacerts to /etc/sdc/truststore.jks (on Java 9 and later the file is at $JAVA_HOME/lib/security/cacerts)
keytool -importkeystore -srckeystore "$JAVA_HOME/jre/lib/security/cacerts" -srcstorepass changeit -destkeystore /etc/sdc/truststore.jks -deststorepass password
# ensure that DPM can access the keystore/truststore
chown sdc:sdc /etc/sdc/keystore.jks
chown sdc:sdc /etc/sdc/truststore.jks
# add the truststore path and password to the SDC java opts (append the two lines below to sdc-env.sh):
vi /opt/streamsets-datacollector/libexec/sdc-env.sh
# added truststore to enable https
export SDC_JAVA_OPTS="-Djavax.net.ssl.trustStore=/etc/sdc/truststore.jks -Djavax.net.ssl.trustStorePassword=password ${SDC_JAVA_OPTS}"
# tweak settings in /etc/sdc/sdc.properties (http.port, https.port, sdc.base.http.url=https://)
vi /etc/sdc/sdc.properties
# restart SDC
systemctl restart sdc
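
The settings named in the last steps can be checked before the restart. The script below is an added example, not part of the gist: it reads `https.port` and `sdc.base.http.url` from a properties file and tests that a keystore file is not world-readable. It assumes `https.port=-1` (or unset) means HTTPS is off; the function names and port 18636 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the gist. Assumes https.port=-1 (or unset) means
# the HTTPS listener is off; port 18636 in the sample is a constructed value.

# prop FILE KEY: print the last uncommented value of KEY in a properties file
prop() {
    awk -F= -v k="$2" '
        /^[ \t]*[#!]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }' "$1"
}

# check_sdc_https FILE: return 0 only if HTTPS is on and the base URL agrees
check_sdc_https() {
    rc=0
    https_port=$(prop "$1" https.port)
    base_url=$(prop "$1" sdc.base.http.url)
    case "$https_port" in
        ''|-1)    echo "FAIL https.port unset or -1: HTTPS is disabled"; rc=1 ;;
        *[!0-9]*) echo "FAIL https.port is not a port number: $https_port"; rc=1 ;;
        *)        echo "OK   https.port=$https_port" ;;
    esac
    case "$base_url" in
        '')        echo "NOTE sdc.base.http.url is not set" ;;
        https://*) echo "OK   sdc.base.http.url=$base_url" ;;
        *)         echo "FAIL sdc.base.http.url is not https://: $base_url"; rc=1 ;;
    esac
    return "$rc"
}

# store_private FILE: succeed only if FILE exists and is not world-readable
store_private() {
    [ -f "$1" ] && [ -z "$(find "$1" -perm -004)" ]
}

# Demo on a constructed sdc.properties where the base URL was left on http://
sample=$(mktemp)
printf '%s\n' 'https.port=18636' \
    'sdc.base.http.url=http://sdc.woolford.io:18630' > "$sample"
check_sdc_https "$sample" || echo "fix sdc.properties before restarting sdc"
store_private "$sample" || echo "FAIL $sample is world-readable"
rm -f "$sample"
```

On the real host, point the functions at `/etc/sdc/sdc.properties` and `/etc/sdc/keystore.jks`.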