You can enable the CONNX origins to use SSL/TLS to connect to CONNX.
- On the JDBC tab for the stage, select the Use SSL property.
- If the CONNX certificate is signed by a private CA or is not trusted by the default Java truststore, create a custom truststore file or modify a copy of the default Java truststore file to add the CA to the file. Then configure Data Collector to use the modified truststore file.
- Use the following command to set the JAVA_HOME environment variable:
    export JAVA_HOME=<Java home directory>
- Use the following command to set the SDC_CONF environment variable:
    export SDC_CONF=<Data Collector configuration directory>
  For example, for an RPM installation use:
    export SDC_CONF=/etc/sdc
- Use the following command to copy the default Java truststore file to the Data Collector configuration directory:
    cp "${JAVA_HOME}/jre/lib/security/cacerts" "${SDC_CONF}/truststore.jks"
- Use the following keytool command to import the CA certificate into the truststore file:
    keytool -import -file <certificate> -trustcacerts -noprompt -alias <alias> -storepass <password> -keystore "${SDC_CONF}/truststore.jks"
- Define the following options in the SDC_JAVA_OPTS environment variable:
  - javax.net.ssl.trustStore - Path to the truststore file on the Data Collector machine.
  - javax.net.ssl.trustStorePassword - Truststore password.
  Modify environment variables using the method required by your installation type.
  For example, define the options as follows:
    export SDC_JAVA_OPTS="${SDC_JAVA_OPTS} -Djavax.net.ssl.trustStore=/etc/sdc/truststore.jks -Djavax.net.ssl.trustStorePassword=mypassword -Xmx1024m -Xms1024m -server -XX:-OmitStackTraceInFastThrow"
  Or, to avoid saving the password in the export command, save the password in a text file and then define the truststore password option as follows:
    -Djavax.net.ssl.trustStorePassword=$(cat passwordfile.txt)
  Then ensure that the password file is readable only by the user executing the export command.
- Restart Data Collector to enable the changes.
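
Pre-flight checks for the truststore steps above, as an added shell example that is not part of the original documentation. The function names are illustrative and not part of Data Collector; the paths passed in are whatever you used in the steps.

```shell
#!/bin/sh
# Added example: pre-flight checks for the truststore steps above.
# Function names are illustrative, not part of Data Collector.

# Print the default truststore under a Java home. Java 8 keeps it in
# jre/lib/security (the path used above); Java 9+ has no jre/ directory
# and keeps it in lib/security.
find_cacerts() {
  for p in "$1/jre/lib/security/cacerts" "$1/lib/security/cacerts"; do
    if [ -f "$p" ]; then printf '%s\n' "$p"; return 0; fi
  done
  echo "no cacerts file under $1" >&2
  return 1
}

# Succeed only if the password file is a regular file (not a symlink),
# owned by the current user, with no group or other permission bits.
password_file_is_private() {
  [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeed if the alias is present in the truststore. The :file modifier
# makes keytool read the password from the file, not from the command line.
ca_alias_present() {  # $1 truststore, $2 alias, $3 password file
  keytool -list -keystore "$1" -alias "$2" -storepass:file "$3" >/dev/null 2>&1
}

# Print the two truststore options for SDC_JAVA_OPTS, refusing when the
# truststore is unreadable or the password file is open to other users.
truststore_opts() {  # $1 truststore, $2 password file
  [ -r "$1" ] || { echo "truststore not readable: $1" >&2; return 1; }
  password_file_is_private "$2" || {
    echo "password file must be yours with no group/other access: $2" >&2
    return 1
  }
  printf '%s %s\n' "-Djavax.net.ssl.trustStore=$1" \
    "-Djavax.net.ssl.trustStorePassword=$(cat "$2")"
}
```

After the keytool import, `ca_alias_present "${SDC_CONF}/truststore.jks" <alias> passwordfile.txt` confirms that the CA entry exists. A -D option is part of the JVM command line, so the password still appears in the Data Collector process arguments (for example in ps output); the password file protects only the stored copy.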