FTASecurity and DataView or DataFlowML Installed on Different Machines

IMPORTANT:
Create a directory with the same user account that was used to install Tomcat. Place the certificates in a protected directory that is not accessible to other accounts on the system.
Perform the following steps to enable the HTTPS protocol:
  • DataView:
    1. Create a new directory named “certificates” inside the DataView installation directory. For example:
      $ cd /opt/tomcat/tomcat9/
      $ sudo mkdir certificates
    2. Copy the fta_truststore.jks and <FQDN-hostname>.jks files into the new certificates folder.
      NOTE:
      If a Tomcat user has been created, run the following command to give that user access to the certificate files:
      $ sudo chown -R tomcat:tomcat /opt/tomcat/tomcat9/certificates
    3. Copy the certificates generated for the Tomcat server from the machine where FTASecurity is installed to the machine where DataView is installed:
      • truststoreFile
      • certificateKeystoreFile
    4. In DataView server, go to the /<Tomcat_Directory>/tomcat/conf folder and open the server.xml in a text editor.
    5. Add the following Connector element to the server.xml file, replacing these fields with the actual paths and the correct passwords:
      • truststoreFile path, for example: /<certificate-path>/fta_truststore.jks
      • certificateKeystoreFile path, for example: /<certificate-path>/<FQDN-hostname>.jks
      • truststorePassword, for example: Rockwell@1234
      • certificateKeyPassword, for example: Rockwell@1234
      • certificateKeystorePassword, for example: Rockwell@1234
      <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
        <SSLHostConfig truststoreFile="/opt/tomcat/tomcat9/certificates/fta_truststore.jks"
                       truststorePassword="Rockwell@1234" certificateVerification="none" protocols="TLSv1.1+TLSv1.2">
          <Certificate
            certificateKeystoreFile="/opt/tomcat/tomcat9/certificates/<FQDN-hostname>.jks"
            certificateKeyPassword="Rockwell@1234" certificateKeystorePassword="Rockwell@1234"
          />
        </SSLHostConfig>
      </Connector>
    6. Add the following line to the tomcat.service file under /etc/systemd/system:
      Environment="JAVA_OPTS=-Djavax.net.ssl.trustStore=/opt/tomcat/tomcat9/certificates/fta_truststore.jks -Djavax.net.ssl.trustStorePassword=Rockwell@1234"
      • Ensure that the path given in -Djavax.net.ssl.trustStore is correct.
      • Ensure that the password given in -Djavax.net.ssl.trustStorePassword is correct.
      • Ensure that the Environment entry above is on a single line.
        Figure: FTA-TrustStore Configuration - DataView
    7. Execute the following command to reload the systemd manager configuration:
      $ sudo systemctl daemon-reload
    8. Execute the following command to restart Tomcat so that the changes take effect:
      $ sudo systemctl restart tomcat
  • DataFlowML:
    1. Create a ‘certificates’ folder inside the DataFlowML installation directory:
      $ cd /opt/rockwell/FactoryTalkAnalyticsDataFlowML
      $ sudo mkdir certificates
    2. Copy the fta_truststore.jks and <FQDN-hostname>.jks files into the new certificates folder.
    3. Go to the <DataFlowML install Dir>/server/tomcat/conf folder and open the server.xml in a text editor.
    4. Add the following Connector element to the server.xml file, replacing these fields with the actual paths and the correct passwords:
      • truststoreFile path, for example: /<certificate-path>/fta_truststore.jks
      • certificateKeystoreFile path, for example: /<certificate-path>/<FQDN-hostname>.jks
      • truststorePassword, for example: Rockwell@1234
      • certificateKeyPassword, for example: Rockwell@1234
      • certificateKeystorePassword, for example: Rockwell@1234
      <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
        <SSLHostConfig truststoreFile="/<certificate-path>/fta_truststore.jks"
                       truststorePassword="Rockwell@1234" certificateVerification="none" protocols="TLSv1.1+TLSv1.2">
          <Certificate
            certificateKeystoreFile="<certificate-path>/.fta-ca/certs/apinbanisdev46.ra-int.com.jks"
            certificateKeyPassword="Rockwell@1234" certificateKeystorePassword="Rockwell@1234"
          />
        </SSLHostConfig>
      </Connector>
    For CentOS and RHEL:
      Change to the /home/flowadmin folder and open the .bashrc file.
      Add the following line:
      export JAVA_OPTS="-Djavax.net.ssl.trustStore=<keypath>/fta_truststore.jks -Djavax.net.ssl.trustStorePassword=<truststore_password>"
    For SUSE:
      Change to the /home/flowadmin folder and open the catalina.sh file.
      Add the following lines:
      JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/opt/DataFlowML/certificates/fta_truststore.jks"
      JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=password"
    • Ensure that the path given in -Djavax.net.ssl.trustStore is correct.
    • Ensure that the password given in -Djavax.net.ssl.trustStorePassword is correct.
      Figure: FTA-TrustStore Configuration - DataFlowML
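
The IMPORTANT note at the top asks for a certificates directory that other accounts cannot access, while the DataView and DataFlowML steps only create the folder and set its owner. The following added example (not part of the vendor documentation; the function names and the sample host name are hypothetical) lists anything under a path that is not owned by the expected account or that grants access to other users, and runs the check before and after tightening a constructed stand-in folder.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.
# Usage: sh audit_certs.sh OWNER PATH...
#   e.g. sh audit_certs.sh tomcat /opt/tomcat/tomcat9/certificates

# find_exposed OWNER PATH...: print every file or directory under PATH that is
# not owned by OWNER or that grants read, write or execute to "other".
find_exposed() {
    owner="$1"; shift
    find "$@" ! -type l \( ! -user "$owner" \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# audit OWNER PATH...: 0 = nothing exposed, 1 = findings printed, 2 = error.
audit() {
    exposed=$(find_exposed "$@") || return 2
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed" | sed 's/^/EXPOSED: /'
    return 1
}

# lock_down DIR: remove group write and all access for other accounts.
lock_down() {
    chmod -R g-w,o-rwx "$1"
}

# demo: constructed stand-in for the certificates folder, with the modes a
# default mkdir and file copy typically leave (755 / 644), then tightened.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/certificates"
    : > "$d/certificates/fta_truststore.jks"      # empty constructed files
    : > "$d/certificates/host.example.test.jks"
    chmod 755 "$d/certificates"
    chmod 644 "$d/certificates/"*.jks
    before=0; audit "$(id -un)" "$d/certificates" >/dev/null || before=$?
    lock_down "$d/certificates"
    after=0; audit "$(id -un)" "$d/certificates" >/dev/null || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}

if [ "$#" -ge 2 ]; then audit "$@"; else demo; fi
```

The same audit can be pointed at server.xml, which holds the keystore and truststore passwords in clear text after these steps. File permissions do not cover the -Djavax.net.ssl.trustStorePassword value, which is also part of the Java process command line.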