Cluster SSL/TLS Integrator/Scheduler Connection (Linux)

image_pdfimage_print

The following steps are only necessary if you plan to encrypt OLAP.

To encrypt the communication between the OLAP Server, Integrator, and Scheduler, it is necessary to add the certificate to the Jedox keystore. JAVA provides a tool called keytool that can be used to do so. The path to the Jedox keystore is <install_path>/tomcat/conf/keystore and the default password is changeit.

1.) Enter the corresponding password (changeit) of the keystore in the following paragraph:

javax.net.ssl.keyStorePassword=changeit

in all following files:

<Install_path>/tomcat/client/config/etlcli.properties
<Install_path>/tomcat/webapps/etlserver/config/ssl.properties
<Install_path>/tomcat/webapps/rpc/WEB-INF/classes/scheduler-ssl.properties

By default, all files mentioned above refer to the same keystore file, except for <Install_path>/tomcat/client/config/etlcli.properties, which has its own keystore, stored in <Install_path>/tomcat/client/config/. This will only affect the etlclient.sh.

2.) Adjust interfaces in <Install_path>/tomcat/webapps/rpc/WEB-INF/classes/etl-mngr.properties

# ETL Server URL
etl.server.url=http://www.example.com:7775/etlserver/services/ETL-Server?wsdl

# Scheduler Server URL
scheduler.server.url=http://www.example.com:7775/schedulerserver/services/Scheduler-Server

3.) In <Install_path>/tomcat/conf/server.xml, adjust interface in line:

<Connector port="7775" address="www.example.com" connectionTimeout="20000" protocol="HTTP/1.1" redirectPort="8443" />

and adjust keystore password in entry:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="conf/keystore" keystorePass="changeit" />

 

image_pdfimage_print
Tagged: