1. DataClarity
  2. DataClarity Installation & Configuration
  3. Install the platform (on premise)
  4. Install using Kubernetes (recommended)

Configure SSL certificate for Data Server

Avatar
Customer Care Team

Configure SSL certificate for Data Server

By default, Data Server has SSL disabled. However, suppose you need a desktop BI application, like Tableau or Power BI, to use a secure connection to Data Server. In that case, you will need to enable SSL and then import the Data Server certificate into the machine running the desktop application. After enabling SSL, Data Server will use a self-signed certificate. If you have a custom certificate, you can configure Data Server to use it.

  1. In Kubernetes Dashboard, on the sidebar, go to Config Maps, and open the data-server config map.

  2. Set true for the dataserver.ssl.enabled property:

    dataserver.ssl.enabled=true

  3. Restart the Data Server pod:

    1. On the sidebar, go to Pods.

    2. For the Data Server pod, on the Actions menu, click Delete.

By default, Data Server uses a self-signed certificate. To export the certificate, follow these steps:

  1. Connect to the Data Server pod:

    Copy
    kubectl exec -it data-server-784867d79f-5ld85 sh

    Note that the “784867d79f-5ld85” value will be different in your case.

  2. Execute the following keytool command to export the certificate file (dataserver.cer):

    Copy
     keytool -export -alias dataserver -file dataserver.cer -keystore keystore.jks

  3. Exit the Data Server pod by using the exit command.

  4. Copy the certificate file to the host machine:

    Copy
    kubectl cp data-server-784867d79f-5ld85:/opt/dc-data-server/dataserver.cer ./dataserver.cer

  5. Copy and install the certificate file to the machine running Tableau or Power BI.

By default, Data Server uses a self-signed certificate. To configure the server to use another certificate (a self-signed certificate or one from a certificate authority), follow these steps:

  1. Copy both the certificate and the key files to the Linux machine where the Platform is installed.

  2. Using openssl, generate a new certificate file that contains both the certificate and the key:

    Copy
    openssl pkcs12 -export -in certificate.crt -inkey certificate.key -name "data-server" -out dataserver.p12

    You will be asked to create a password for the new certificate file.

  3. Generate a keystore that will contain the new certificate file:

    Copy
    keytool -importkeystore -srckeystore dataserver.p12 -srcstoretype pkcs12 -deststoretype pkcs12 -destkeystore data-server-keystore.jks

    You will be asked to create a password for the keystore file.

    Note: The keytool requires Java. If you do not have Java installed, you can connect to the data-server container and use keytool from there.

  4. Create the data-server-keystore.pass file and enter the password that you created for the keystore.

  5. Create a Kubernetes secret file to include the data from the .jks and .pass files:

    Copy
     kubectl create secret generic --from-file data-server-keystore.jks --from-file data-server-keystore.pass --dry-run=true -o yaml data-server-keystore > data-server-keystore.yaml

    Note: Do not delete this file while your certificate is valid, as you will need it for future Platform upgrades.

  6. Apply the secret file to Kubernetes:

    Copy
    kubectl apply -f data-server-keystore.yaml

  7. Restart the Data Server pod:

    Copy
     kubectl rollout restart deployment data-server

    Alternatively, you can go to the Kubernetes Dashboard and delete the data-server pod.

 

Articles in this section

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.