You can enable the CONNX origins and the CONNX connection to
use SSL/TLS to connect to CONNX.
-
On the JDBC tab for the stage, select the Use
SSL property.
-
If the CONNX certificate is signed by a private CA or not
trusted by the default Java truststore, create a custom truststore file or
modify a copy of the default Java truststore file to add the CA to the file.
Then configure Data Collector
to use the modified truststore file.
-
Use the following command to set the JAVA_HOME environment
variable:
export JAVA_HOME=<Java home directory>
-
Use the following command to set the SDC_CONF environment
variable:
export SDC_CONF=<Data Collector configuration directory>
For
example:
export SDC_CONF=/streamsets-datacollector-5.6.0/etc
-
Use the following command to copy the default Java truststore file to
the Data Collector
configuration directory:
cp "${JAVA_HOME}/jre/lib/security/cacerts" "${SDC_CONF}/truststore.jks"
-
Use the following keytool command to import the CA certificate into the
truststore file:
keytool -import -file <certificate> -trustcacerts -noprompt -alias <alias> -storepass <password> -keystore "${SDC_CONF}/truststore.jks"
-
In Control Hub, edit the
deployment. In the Configure Engine section, click
Advanced Configuration. Then, click Java
Configuration. Define the following options in the Java Options
property:
- javax.net.ssl.trustStore - Path
to the truststore file on the Data Collector machine.
- javax.net.ssl.trustStorePassword -
Truststore password.
For example, define the options as
follows:
-Djavax.net.ssl.trustStore=/streamsets-datacollector-5.6.0/etc/truststore.jks -Djavax.net.ssl.trustStorePassword=mypassword
-
Save the changes to the
deployment and restart all engine instances.