This topic describes how to add SSL (Secure Sockets Layer) certificates to Data360 Analyze.
Running nodes to connect over HTTPs to 3rd party systems
You can use the nodes, for example, HTTP node, salesforce nodes to request resources from remote servers over HTTPS to 3rd party systems. If a custom certificate is used for HTTPS, you need to work with your system administrator to install the custom certificate in the Data360 Analyze keystore to enable the HTTP node to connect:
Step 1 - Exporting the certificate
Step 2 - Installing the certificate
Exporting the certificate to a file (Windows example)
- From the Windows Start menu, navigate to Control Panel > Network and Internet > Internet Options.
- Select the Content tab and click the Certificates button.
- Select the appropriate certificate and click Export.
- Save the certificate file to the machine where the server is installed, and make a note of the save location, for example
c:\users\Administrator\Desktop\certificate_name.cer
.
Installing the certificate
You must add certificates to the Data360 Analyze keystore in order for the HTTP node to use them. You can use the Java Keytool that ships with Data360 Analyze to add new certificates.
The Java Keytool (located at <installationDirectory>\jre\bin
) stores the keys and certificates in what is called a keystore, where its entries are protected by a keystore password. A keystore entry is identified by an alias, and it consists of keys and certificates that form a trust chain. Each certificate in a Java keystore is associated with a unique alias.
To add new certificates to the Data360 Analyze keystore:
- Use the Java keytool utility to import the certificate into the Java Store by running the following command, where
<alias>
,<Data360Analyze Install Directory>
and<path-to-certificate>
are replaced with custom values:keytool -import -alias <alias> -keystore <Data360 Analyze site directory>/cust-keystores/cacerts -file <path-to-certificate-file>
Tip: You can replace<alias>
with any value, for examplecustomCertificate
.Note: <Data360 Analyze site directory> is specified at installation. The default location is C:\Users\<username>\Data360 Analyze\data-7731 on Windows or /home/<user>/Data360 Analyze/data-7731 on Linux.Note: The path locations for the cacerts keystore was<installationDirectory>\jre\lib\security\cacerts
(for versions older than 3.8.5 and in 3.10.0 ) and it is now changed to<siteDIrectory>\cust-keystores\cacerts
. - When prompted for the keystore password, enter the following default password:
changeit
. We recommend that you do not change the password as changing it may result in nodes failing. - When asked if you wish to trust this certificate, type
yes
.A message is displayed stating that the certificate was added to the keystore and Java will now treat this certificate as trusted.
Removing browser certificate warnings
You may need to install a trusted certificate locally, for example if you are accessing public sites that use certificates from providers that are not on the standard Java trusted certification list, or if you are using your own internal certification authority. The following steps give an overview of how to do this in Chrome and Internet Explorer 11.
Chrome
- Click the padlock icon in the browser address bar.
- Click Details, then View Certificate.
- Open the Details tab.
- Click Copy to File.
- The Certificate Export Wizard will guide you through the process. When prompted, select Base-64 encoded X.509 (.CER), then click Next.