Last active
July 27, 2018 05:39
running SDC over HTTPS with self-signed certificates
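# Runbook: serve StreamSets Data Collector (SDC) over HTTPS with a self-signed
# certificate. Needs write access to /etc/sdc and a JDK's keytool on PATH.

# Keystore/truststore password. "password" is the demo value this page uses;
# export SDC_STORE_PASS with a real secret first. keytool's ":env" modifier
# reads the value from the environment, so it stays out of the process
# argument list and out of shell history.
export SDC_STORE_PASS="${SDC_STORE_PASS:-password}"

# creates keystore
# -ext SAN=...: browsers and many TLS clients match the hostname against
#   subjectAltName and ignore CN, so the name is repeated there.
# No -validity is given, so keytool's default lifetime (90 days) applies;
#   add -validity <days> if the certificate must last longer.
keytool -genkey \
  -noprompt \
  -trustcacerts \
  -keyalg RSA \
  -alias sdc.woolford.io \
  -dname "CN=sdc.woolford.io, OU=woolford.io, O=woolford.io, L=Lafayette, ST=Colorado, C=US" \
  -ext "SAN=dns:sdc.woolford.io" \
  -keypass:env SDC_STORE_PASS \
  -keystore /etc/sdc/keystore.jks \
  -storepass:env SDC_STORE_PASS

# convert to PKCS12 (in place: source and destination are the same file).
# Both store passwords are supplied so the command does not stop to prompt.
# NOTE(review): an in-place conversion normally leaves a backup copy next to
# the keystore (keystore.jks.old) that still holds the private key; delete it
# or protect it like the keystore itself.
keytool -importkeystore \
  -srckeystore /etc/sdc/keystore.jks \
  -srcstorepass:env SDC_STORE_PASS \
  -destkeystore /etc/sdc/keystore.jks \
  -deststorepass:env SDC_STORE_PASS \
  -deststoretype pkcs12

# exports certificate from the keystore
# The certificate goes into a private mktemp directory rather than a fixed name
# in /tmp: the next step imports it with -noprompt, so a file another local
# user could pre-create or swap would end up trusted without review.
cert_dir=$(mktemp -d)
cert_file="${cert_dir}/sdc.woolford.io.cer"
keytool -export \
  -alias sdc.woolford.io \
  -storepass:env SDC_STORE_PASS \
  -file "$cert_file" \
  -keystore /etc/sdc/keystore.jks

# create truststore and import certificate
keytool -import -v \
  -trustcacerts \
  -alias sdc.woolford.io \
  -file "$cert_file" \
  -keystore /etc/sdc/truststore.jks \
  -keypass:env SDC_STORE_PASS \
  -storepass:env SDC_STORE_PASS \
  -noprompt
rm -rf -- "${cert_dir:?}"

# copy the CA certs from jre/lib/security/cacerts to /etc/sdc/truststore.jks
# "changeit" is the stock password of the JDK's cacerts file, not a secret.
# The jre/ path is the Java 8 layout; on JDK 9+ the file is
# $JAVA_HOME/lib/security/cacerts.
keytool -importkeystore \
  -srckeystore "${JAVA_HOME:?JAVA_HOME must be set}/jre/lib/security/cacerts" \
  -srcstorepass changeit \
  -destkeystore /etc/sdc/truststore.jks \
  -deststorepass:env SDC_STORE_PASS

# ensure that DPM can access the keystore/truststore
chown sdc:sdc /etc/sdc/keystore.jks
chown sdc:sdc /etc/sdc/truststore.jks
# The keystore holds the server's private key: owner-only access.
# Assumes the SDC service runs as user sdc (the owner set above).
chmod 600 /etc/sdc/keystore.jks

# add the truststore path and password to the SDC java opts:
vi /opt/streamsets-datacollector/libexec/sdc-env.sh

# added truststore to enable https
# This is the line to put into sdc-env.sh. Replace "password" with the
# truststore password actually used above. A -D option is visible in the JVM's
# process listing; the truststore contains only public certificates, so this
# value protects integrity of the trust list rather than any private key.
export SDC_JAVA_OPTS="-Djavax.net.ssl.trustStore=/etc/sdc/truststore.jks -Djavax.net.ssl.trustStorePassword=password ${SDC_JAVA_OPTS}"

# tweak settings in /etc/sdc/sdc.properties (http.port, https.port, sdc.base.http.url=https://)
vi /etc/sdc/sdc.properties

# restart SDC
systemctl restart sdc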