FTASecurity and DataView or DataFlowML Installed on Different Machines
IMPORTANT:
Create a directory with the same user account that was used to install Tomcat. Place the certificates in a protected directory that is not accessible to other accounts on the system.
Perform the following steps to enable the HTTPS protocol:
- DataView:
- Create a new directory named “certificates” inside the DataView installation directory. For example:
    $ cd /opt/tomcat/tomcat9/
    $ sudo mkdir certificates
- Copy the fta_truststore.jks and <FQDN-hostname>.jks files into the new certificates folder.
  NOTE: If a Tomcat user is created, run the following command to give the Tomcat user permission to access the certificate files:
    $ sudo chown -R tomcat:tomcat /opt/tomcat/tomcat9/certificates
  NOTE: Copy the certificates generated for the Tomcat server from the machine where FTASecurity is installed to the machine where DataView is installed:
  - truststoreFile
  - certificateKeystoreFile
- On the DataView server, go to the /<Tomcat_Directory>/tomcat/conf folder and open the server.xml file in a text editor.
- Add the following Connector element to the server.xml file, replacing the following fields with the actual paths and the correct passwords:
- truststoreFile path, for example: /<certificate-path>/fta_truststore.jks
- certificateKeystoreFile path, for example: /<certificate-path>/<FQDN-hostname>.jks
- truststorePassword, for example: Rockwell@1234
- certificateKeyPassword, for example: Rockwell@1234
- certificateKeystorePassword, for example: Rockwell@1234
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
      <SSLHostConfig truststoreFile="/opt/tomcat/tomcat9/certificates/fta_truststore.jks"
                     truststorePassword="Rockwell@1234" certificateVerification="none" protocols="TLSv1.1+TLSv1.2">
        <Certificate certificateKeystoreFile="/opt/tomcat/tomcat9/certificates/<FQDN-hostname>.jks"
                     certificateKeyPassword="Rockwell@1234" certificateKeystorePassword="Rockwell@1234"/>
      </SSLHostConfig>
    </Connector>
- Add the following line to the tomcat.service file under /etc/systemd/system:
    Environment="JAVA_OPTS=-Djavax.net.ssl.trustStore=/opt/tomcat/tomcat9/certificates/fta_truststore.jks -Djavax.net.ssl.trustStorePassword=Rockwell@1234"
- Ensure that the path in -Djavax.net.ssl.trustStore is correct.
- Ensure that the password in -Djavax.net.ssl.trustStorePassword is correct.
- Ensure that the Environment entry above is on a single line.
- Execute the following command to reload the systemd manager configuration:
    $ sudo systemctl daemon-reload
- Execute the following command to restart Tomcat so that the changes take effect:
    $ sudo systemctl restart tomcat
- DataFlowML:
- Create a ‘certificates’ folder inside the DataFlowML installation directory:
    $ cd /opt/rockwell/FactoryTalkAnalyticsDataFlowML
    $ sudo mkdir certificates
- Copy the fta_truststore.jks and <FQDN-hostname>.jks files into the new certificates folder.
- Go to the <DataFlowML install Dir>/server/tomcat/conf folder and open the server.xml file in a text editor.
- Add the following Connector element to the server.xml file, replacing the following fields with the actual paths and the correct passwords:
- truststoreFile path, for example: /<certificate-path>/fta_truststore.jks
- certificateKeystoreFile path, for example: /<certificate-path>/<FQDN-hostname>.jks
- truststorePassword, for example: Rockwell@1234
- certificateKeyPassword, for example: Rockwell@1234
- certificateKeystorePassword, for example: Rockwell@1234
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
      <SSLHostConfig truststoreFile="/<certificate-path>/fta_truststore.jks"
                     truststorePassword="Rockwell@1234" certificateVerification="none" protocols="TLSv1.1+TLSv1.2">
        <Certificate certificateKeystoreFile="<certificate-path>/.fta-ca/certs/apinbanisdev46.ra-int.com.jks"
                     certificateKeyPassword="Rockwell@1234" certificateKeystorePassword="Rockwell@1234"/>
      </SSLHostConfig>
    </Connector>
- For CentOS and RHEL: Change the directory to the /home/flowadmin folder and open the .bashrc file. Add the following line:
    export JAVA_OPTS="-Djavax.net.ssl.trustStore=<keypath>/fta_truststore.jks -Djavax.net.ssl.trustStorePassword=<truststore_password>"
- Change the directory to the /home/flowadmin folder and open the catalina.sh file. Add the following lines:
    JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/opt/DataFlowML/certificates/fta_truststore.jks"
    JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=password"
- Ensure that the path in -Djavax.net.ssl.trustStore is correct.
- Ensure that the password in -Djavax.net.ssl.trustStorePassword is correct.
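
The IMPORTANT note at the top asks for a certificates directory that other accounts cannot access, while the steps above only change ownership; a directory created with sudo mkdir is typically mode 0755, so the result is worth checking. The shell function below is an added example, not Rockwell's code: audit_cert_dir is a hypothetical helper name, and it assumes you pass the certificates directory and the account that runs Tomcat.

```shell
#!/bin/sh
# Added example, not vendor code. audit_cert_dir is a hypothetical helper name.
# Usage: audit_cert_dir DIR OWNER   (OWNER = account that runs Tomcat, name or uid)
# Prints one line per finding; returns 0 when the directory is clean, 1 otherwise.
audit_cert_dir() {
    dir=$1 owner=$2 rc=0
    [ -d "$dir" ] || { echo "MISSING: $dir is not a directory"; return 1; }

    # Everything must belong to the Tomcat account, which is what
    # chown -R tomcat:tomcat is meant to achieve.
    bad=$(find "$dir" ! -user "$owner" -print 2>/dev/null) ||
        { echo "OWNER: cannot check ownership against account $owner"; return 1; }
    [ -z "$bad" ] || { echo "OWNER: not owned by $owner: $bad"; rc=1; }

    # No group/other permission bit may be set on the directory or its files.
    bad=$(find "$dir" \( -perm -040 -o -perm -020 -o -perm -010 \
                      -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$bad" ] || { echo "MODE: group/other access on: $bad"; rc=1; }

    # The truststore referenced by server.xml and JAVA_OPTS must exist and be non-empty.
    [ -s "$dir/fta_truststore.jks" ] ||
        { echo "MISSING: $dir/fta_truststore.jks is absent or empty"; rc=1; }
    return $rc
}

# Constructed demo in a scratch directory; the .jks file is a placeholder, not a keystore.
demo=$(mktemp -d)
mkdir "$demo/certificates"
echo "constructed placeholder" > "$demo/certificates/fta_truststore.jks"
chmod 755 "$demo/certificates"; chmod 644 "$demo/certificates/fta_truststore.jks"
audit_cert_dir "$demo/certificates" "$(id -u)" || echo "=> findings above"
chmod 700 "$demo/certificates"; chmod 600 "$demo/certificates/fta_truststore.jks"
audit_cert_dir "$demo/certificates" "$(id -u)" && echo "=> clean"
rm -rf "$demo"
```

On the DataView machine the call would be audit_cert_dir /opt/tomcat/tomcat9/certificates tomcat, run with sudo so that the directory can be read. Setting the directory to mode 700 and the .jks files to mode 600 clears the MODE findings.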