Enabling SSL - Data360_DQ+ - 11.X

Data360 DQ+ Enterprise Installation

Product type
Software
Portfolio
Verify
Product family
Data360
Product
Data360 DQ+
Version
11.X
Language
English
Product name
Data360 DQ+
Title
Data360 DQ+ Enterprise Installation
Copyright
2024
First publish date
2016
ft:lastEdition
2024-06-06
ft:lastPublication
2024-06-06T12:37:34.761477

Following installation, you can perform the following steps to enable SSL for your organization.

Note: If you are using SSO, SSL is required.

Steps to enable SSL

  1. Edit the install.properties file located at <DQPlus install dir>/properties/install.properties as follows:

    Property

    Value

    IS_SSL_ENABLED

    true

    LOAD_BAL_SSL_CERT

    Location of the SSL certificate file.

    For example: /SSL/DQPlus.company.crt

    LOAD_BAL_SSL_CERT_KEY

    Location of the SSL certificate secret key file.

    For example: /SSL/DQPlus.company.key

    LOAD_BAL_SSL_TRUSTED_CERT

    Same as value set for LOAD_BAL_SSL_CERT

    DEPLOY_HOST

    The deployment host.

    For example: DQPlus.company.com

    DEPLOY_HOST_URL

    The deployment host URL.

    For example: https://DQPlus.company.com

    Note that HTTPS must be used here.

  2. If SSL is enabled, the secret key associated with the certificate cannot be passphrase-protected. If the key is passphrase-protected, the passphrase can be removed using openssl, as follows.

    How to remove PEM password

    Run theopenssl rsacommand to remove the passphrase. As arguments, pass -in the passphrase-protected SSL.keyand get -outa .keyfile with the passphrase removed.

    For example:

    $ openssl rsa -in mycert_with_pass.key -out mycert.key

    This command will ask you one last time for your PEM passphrase.

    At this point you should redeploy to test SSL by running the script located at <DQPlus install dir>/bin/deploy
  3. After redeployment, you should test connectivity by navigating to the DEPLOY_HOST_URL, for example: https://DQPlus.company.com

Steps to enable SSL for Vertica

  1. Edit the install.properties file located at <DQPlus install dir>/properties/install.properties as follows:

    Property

    Setting

    VERTICA_SSL_ENABLED

    true

    VERTICA_SSL_CERTIFICATE_GENERATE

    true to generate a Self Signed SSL certificate for Vertica. Note that VERTICA_SSL_ENABLED must also be set to true.

    false to not generate a Self Signed SSL certificate for Vertica.

    VERTICA_DB_URL:

    Uncomment this property.

    VERTICA_DR_URL_ESCAPED

    Uncomment this property.

    VERTICA_SSL_CRT_FILE

    Physical location of your CRT file.

    VERTICA_SSL_KEY_FILE

    Physical location of your KEY file.

  2. Execute the following command:

    ./startComputeDb

  3. Verify that SSL has been configured on the database by running the following command:

    /opt/vertica/bin/vsql --host <host where you installed Vertica> --dbname <database name> --username <Vertica username> -x -c "SELECT * FROM configuration_parameters WHERE parameter_name ILIKE '%ssl%';"

If SSL is properly configured, the command should return the following:

parameter_name EnableSSL

current_value 1

restart_value 1

database_value 1

Tip: For further verification, you should also go into the user interface of the Data360 DQ+ product and execute a Data View, to confirm that this Data Stage can execute without errors.

Steps to enable SSL for Postgres

  1. Create the server.key and server.crt files by running the following commands:

    openssl genrsa -des3 -out server.key 1024

    openssl rsa -in server.key -out server.key
  2. Edit the install.properties file located at <DQPlus install dir>/properties/install.properties as follows:

    Property

    Setting

    DATABASE_SERVER_SSL_ENABLED

    true

    DATABASE_SERVER_SSL_CERTIFICATE_GENERATE

    true to generate a Self Signed SSL certificate for the Application DB. Note that DATABASE_SERVER_SSL_ENABLED must also be set to true.

    false to not generate a Self Signed SSL certificate for the Application DB.

    DATABASE_SERVER_SSL_CRT_FILE

    Physical location of your CRT file.

    For example:

    opt/infogix/config/postgres_ssl/server.crt

    DATABASE_SERVER_SSL_KEY_FILE

    Physical location of your KEY file.

    For example:

    opt/infogix/config/postgres_ssl/server.crt

  3. Install the product, using the following commands:

    ./install

    ./initialize
  4. Verify the SSL connection by performing the following steps:
    1. Log in to the server.
    2. Change user to the sagacity system user.
    3. Step into the dqplusApplicationDb Docker container, using the following command:

      docker exec -it dqplusApplicationDb bash

      Execute the following commands, as per the listed sequence:

      su - postgres

      postgres=# \c postgres

      select * from pg_stat_ssl;

    Values in the returned ssl column should have a value of 't', for true.