After installation, perform the following steps to enable SSL for your organization.
Steps to enable SSL
- Edit the install.properties file located at <DQPlus install dir>/properties/install.properties as follows:
| Property | Value |
| --- | --- |
| IS_SSL_ENABLED | true |
| LOAD_BAL_SSL_CERT | Location of the SSL certificate file. For example: /SSL/DQPlus.company.crt |
| LOAD_BAL_SSL_CERT_KEY | Location of the SSL certificate secret key file. For example: /SSL/DQPlus.company.key |
| LOAD_BAL_SSL_TRUSTED_CERT | Same as value set for LOAD_BAL_SSL_CERT |
| DEPLOY_HOST | The deployment host. For example: DQPlus.company.com |
| DEPLOY_HOST_URL | The deployment host URL. For example: https://DQPlus.company.com Note that HTTPS must be used here. |
- If SSL is enabled, the secret key associated with the certificate cannot be passphrase-protected. If the key is passphrase-protected, the passphrase can be removed using openssl, as follows.
How to remove PEM password
Run the openssl rsa command to remove the passphrase. As arguments, pass the passphrase-protected SSL .key file with -in, and use -out to name the .key file that will have the passphrase removed.
For example:
$ openssl rsa -in mycert_with_pass.key -out mycert.key
This command will ask you one last time for your PEM passphrase.
- At this point you should redeploy to test SSL by running the script located at <DQPlus install dir>/bin/deploy
- After redeployment, you should test connectivity by navigating to the DEPLOY_HOST_URL, for example: https://DQPlus.company.com
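To check the settings from the steps above before running the deploy script, the following shell script is an added example, not part of the product or its documentation. It assumes install.properties holds plain KEY=value lines; the function names are hypothetical, and the world-readable test on the key file goes beyond what this page requires.

```shell
#!/bin/sh
# Added example (not vendor code): pre-deploy check of the SSL properties above.
# Assumption: install.properties holds plain KEY=value lines.

# Print the value of property $2 in file $1 (last definition wins).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Succeed if PEM key file $1 is passphrase-protected. Traditional keys carry
# "Proc-Type: 4,ENCRYPTED"; PKCS#8 keys start "BEGIN ENCRYPTED PRIVATE KEY".
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# Check properties file $1: one line per problem, exit status = problem count.
check_ssl_props() {
    f=$1; problems=0
    [ "$(prop "$f" IS_SSL_ENABLED)" = "true" ] || fail "IS_SSL_ENABLED is not true"

    cert=$(prop "$f" LOAD_BAL_SSL_CERT)
    key=$(prop "$f" LOAD_BAL_SSL_CERT_KEY)
    [ -r "$cert" ] || fail "LOAD_BAL_SSL_CERT not readable: $cert"
    [ "$(prop "$f" LOAD_BAL_SSL_TRUSTED_CERT)" = "$cert" ] ||
        fail "LOAD_BAL_SSL_TRUSTED_CERT differs from LOAD_BAL_SSL_CERT"

    if [ ! -r "$key" ]; then
        fail "LOAD_BAL_SSL_CERT_KEY not readable: $key"
    elif key_is_encrypted "$key"; then
        fail "key is passphrase-protected; remove it with openssl rsa"
    elif [ -n "$(find "$key" -perm -004)" ]; then
        # Not a documented requirement: an unencrypted key should not be world-readable.
        fail "unencrypted key is world-readable: $key"
    fi

    case $(prop "$f" DEPLOY_HOST_URL) in
        https://*) ;;
        *) fail "DEPLOY_HOST_URL must use https://" ;;
    esac
    return "$problems"
}

# Run against a file when one is given on the command line.
if [ $# -gt 0 ]; then check_ssl_props "$1"; fi
```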
Steps to enable SSL for Vertica
- Edit the install.properties file located at <DQPlus install dir>/properties/install.properties as follows:
| Property | Setting |
| --- | --- |
| VERTICA_SSL_ENABLED | true |
| VERTICA_SSL_CERTIFICATE_GENERATE | true to generate a Self Signed SSL certificate for Vertica. Note that VERTICA_SSL_ENABLED must also be set to true. false to not generate a Self Signed SSL certificate for Vertica. |
| VERTICA_DB_URL | Uncomment this property. |
| VERTICA_DR_URL_ESCAPED | Uncomment this property. |
| VERTICA_SSL_CRT_FILE | Physical location of your CRT file. |
| VERTICA_SSL_KEY_FILE | Physical location of your KEY file. |
- Execute the following command:
./startComputeDb
- Verify that SSL has been configured on the database by running the following command:
/opt/vertica/bin/vsql --host <host where you installed Vertica> --dbname <database name> --username <Vertica username> -x -c "SELECT * FROM configuration_parameters WHERE parameter_name ILIKE '%ssl%';"
If SSL is properly configured, the command should return the following:
parameter_name EnableSSL
current_value 1
restart_value 1
database_value 1
Steps to enable SSL for Postgres
- Create the server.key and server.crt files by running the following commands:
openssl genrsa -des3 -out server.key 1024
openssl rsa -in server.key -out server.key
- Edit the install.properties file located at <DQPlus install dir>/properties/install.properties as follows:

| Property | Setting |
| --- | --- |
| DATABASE_SERVER_SSL_ENABLED | true |
| DATABASE_SERVER_SSL_CERTIFICATE_GENERATE | true to generate a Self Signed SSL certificate for the Application DB. Note that DATABASE_SERVER_SSL_ENABLED must also be set to true. false to not generate a Self Signed SSL certificate for the Application DB. |
| DATABASE_SERVER_SSL_CRT_FILE | Physical location of your CRT file. For example: opt/infogix/config/postgres_ssl/server.crt |
| DATABASE_SERVER_SSL_KEY_FILE | Physical location of your KEY file. For example: opt/infogix/config/postgres_ssl/server.crt |
- Install the product, using the following commands:
./install
./initialize
- Verify the SSL connection by performing the following steps:
- Log in to the server.
- Change user to the sagacity system user.
- Step into the dqplusApplicationDb Docker container, using the following command:
Execute the following commands, as per the listed sequence:
docker exec -it dqplusApplicationDb bash
su - postgres
postgres=# \c postgres
select * from pg_stat_ssl;