SSL Configuration:

To configure SSL for DataOps Server, we need a Java KeyStore (.jks) file that contains SSL certificate and private key you want to use to secure the DataOps Server.

create jks file using crt and key files
It is not feasible to convert ".crt and .key" files to ".jks" directly because .crt and .key are individual components.

I) Create a PFX using .crt and .key  files

Combine the ".crt and .key" files into a PFX file using OpenSSL.

By default, "openssl" will be configured. Open the terminal and execute the below command.
openssl pkcs12 -export -in </path/to/hostname.crt> -inkey </path/to/hostname.key> -out </path/to/hostname.pfx> -name "datagaps"

Replace the following in the above command.

/path/to/hostname.crt: Path of the ".crt" file

/path/to/hostname.key: Path of the ".key" (private key) file

/path/to/hostname.pfx: Path to generate the ".pfx" file. 


 II)  Convert PFX to JKS
 Use the "keytool" command to import the PFX file into a JKS keystore.
Navigate to /opt/datagaps/DataOpsServer/files/jdk/bin/keytool and open the terminal and execute the below command.

keytool -importkeystore -srckeystore </path/to/hostname.pfx>  -srcstoretype PKCS12 -destkeystore </path/to/hostname.jks> -deststoretype JKS

 replace the following in the above command. 

/path/to/hostname.pfx: Path of the ".pfx" file generated in the previous step

/path/to/hostname.jks: Path to generate the ".jks" file

By following these steps, you'll successfully create a JKS file that contains both the certificate and private key.

Procedure for configuring SSL for DataOps Server

1)Copy the JKS file to DataOps Server "conf" folder

     /opt/datagaps/DataOpsServer/conf 

       2) Edit the "server.xml" file of DataOps Server
            go to below path open server .xml file 
  /opt/datagaps/DataOpsServer/conf
comment below http code

<! --- <Connector port="6055" protocol="HTTP/1.1"

                        connectionTimeout="20000"

                        redirectPort="6443"

                        compression="on"

                        compressionMinSize="2048"

                        noCompressionUserAgents=".MSIE 6."

                        useSendfile="false"

         compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/xml"

                        />
---!>
 

Uncomment the below code and edit the server.xml file
change the "certificateKeystoreFile" name  and "certificateKeystorePassword".
add required JKS file name and password


<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents=".MSIE 6."
useSendfile="false"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/xml"
scheme="https" secure="true"
clientAuth="false"
sslProtocol="TLS"
>
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/hostName.jks"
certificateKeystorePassword="password"
type="RSA" />
</SSLHostConfig>
</Connector>
 

               3) Add the certificate (.crt) to Java truststore (cacerts)
                Add the certificate (.crt) to Java truststore (cacerts) as it is crucial to identify the server's identity for ensuring secure communication between the client and the DataOps Server.

 </path/to/keytool> -trustcacerts -keystore </path/to/cacerts> -storepass changeit -importcert -alias <Alias_Name> -file </path/to/hostname.crt>

   

        Replace the following in the above command. 

        /path/to/keytool: Path of the "keytool" binary

 /opt/datagaps/DataOpsServer/files/jdk/bin/keytool
/path/to/cacerts:  Path of the "cacerts" file

         Alias_Name:An alias name

4) Add 8443 port in firewall 

 After all changes restart dataops server using below command
         sudo systemctl restart dataops

After restart server try to below https url
 https://<hostname or IP >:8443/datagaps-ui-ng