Tutorials

  1. Home
  2. Dokumente
  3. Tutorials
  4. 96. Installing CA-Signed certificate for Agent Service (https)

96. Installing CA-Signed certificate for Agent Service (https)

This tutorial will demonstrate how to install/configure the chain in KeyStore. We assumed that all the needed certificate files are downloaded already on your computer.

Introduction

Users can use a certificate provided by a Certifying Authority (CA) or a self-signed certificate for secure communication between the management server and the agent.

SKYVVA uses standard HTTPS to communicate securely over the Internet. SKYVVA applications that are installed locally – including Private Agents – include a trusted Keystore containing all of the certificates that are needed to communicate securely.

Users may need to add a new certificate to the SKYVVA Java Keystore if, for example, you are using a proxy server and need to allow the SKYVVA local client to communicate securely through the proxy server.

This page contains generic instructions for manually adding certificates to the Jitterbit Java Keystore.

Java KeyStore (JKS)

Users must be in Administrator mode in order to run Java Keytool commands. Any of the Java Keytool commands presented in this document may be used by substituting the home directory for the product you are working with:

Note
Certificates must be installed into the \jre\lib\security folder included in the SKYVVA product installation.

Install Certificate Chain in KeyStore

1. file.ca-bundle :

2. file.crt:

 

Only two files are enough to install the certificate:

    • Edit file.ca-bundle and file.crt.
    • Let copy all text from file.ca-bundle and paste under the text of file.crt
    • Save file.crt
Note
this file has 4 sections start with —–BEGIN CERTIFICATE—– and end with —–END CERTIFICATE—–)

3. CMD

  • openssl pkcs12 -export -in skyvva-agent.skyvva.com.crt -inkey skyvva-agent.skyvva.com.key.txt -certfile skyvva-agent.skyvva.com.crt -name "skyvva-agent.skyvva.com" -out skyvva-agent.skyvva.com.p12
  • keytool -importkeystore -deststorepass password -destkeystore skyvva-agent.skyvva.com.jks -srckeystore skyvva-agent.skyvva.com.p12 -srcstoretype PKCS12

4. After upload the JKS file running in java based web service with https and you can check your domain bellow:

Create new Linux ec2 instance

This is an example to create a new ec2-instance with Linux which is similar to the existing agent-test ec2-instance. The agent-test ec2-instance is now used to run the Agent. The new ec2-instance is called ‘agent-app‘ where we will install all applications we need for testing like database, FTP, Kafka, pulsar, etc..

The user name is ‘ec2-user’. The password is not clear at the moment. Probably we need to set a new password. We can connect to the shell using a browser like with the agent-test instance. Probably the password is the same.

Select the machine image

Choose the instance type

Network setup

Define the storage

Give a name

Security Group

Review the summary

Keys file

The file agent-app.pem is the private key that we have downloaded.

Increase the hard disc

After launching the instance it is not showing the 30GB hard disc. Instead, it shows only 8 GB. Therefore I have defined again. Click on the button ‘Create Image’ after a name for example ‘root’ is given.

Now after changing again we see 30GB of space.

Summary

Now user learned about How to install/configure the chain in KeyStore and Creating a CA-Signed certificate for Agent Service (https).

Fandest du diesen Artikel hilfreich? Ja Nein

Wie können wir helfen?