Configure SSL certificate for Data Server
By default, Data Server has SSL disabled. However, suppose you need a desktop BI application, like Tableau or Power BI, to use a secure connection to Data Server. In that case, you will need to enable SSL and then import the Data Server certificate into the machine running the desktop application. After enabling SSL, Data Server will use a self-signed certificate. If you have a custom certificate, you can configure Data Server to use it.
By default, Data Server uses a self-signed certificate. To export the certificate, follow these steps:
Connect to the Data Server pod:Copy
kubectl exec -it data-server-784867d79f-5ld85 sh
Note that the “784867d79f-5ld85” value will be different in your case.
Execute the following keytool command to export the certificate file (dataserver.cer):Copy
keytool -export -alias dataserver -file dataserver.cer -keystore keystore.jks
Exit the Data Server pod by using the exit command.
Copy the certificate file to the host machine:Copy
kubectl cp data-server-784867d79f-5ld85:/opt/dc-data-server/dataserver.cer ./dataserver.cer
Copy and install the certificate file to the machine running Tableau or Power BI.
By default, Data Server uses a self-signed certificate. To configure the server to use another certificate (a self-signed certificate or one from a certificate authority), follow these steps:
Copy both the certificate and the key files to the Linux machine where the Platform is installed.
Using openssl, generate a new certificate file that contains both the certificate and the key:Copy
openssl pkcs12 -export -in certificate.crt -inkey certificate.key -name "data-server" -out dataserver.p12
You will be asked to create a password for the new certificate file.
Generate a keystore that will contain the new certificate file:Copy
keytool -importkeystore -srckeystore dataserver.p12 -srcstoretype pkcs12 -deststoretype pkcs12 -destkeystore data-server-keystore.jks
You will be asked to create a password for the keystore file.
Note: The keytool requires Java. If you do not have Java installed, you can connect to the data-server container and use keytool from there.
Create the data-server-keystore.pass file and enter the password that you created for the keystore.
Create a Kubernetes secret file to include the data from the .jks and .pass files:Copy
kubectl create secret generic --from-file data-server-keystore.jks --from-file data-server-keystore.pass --dry-run=true -o yaml data-server-keystore > data-server-keystore.yaml
Note: Do not delete this file while your certificate is valid, as you will need it for future Platform upgrades.
Apply the secret file to Kubernetes:Copy
kubectl apply -f data-server-keystore.yaml
Restart the Data Server pod:Copy
kubectl rollout restart deployment data-server
Alternatively, you can go to the Kubernetes Dashboard and delete the data-server pod.