Importing certificates

Learn to import certificates to secure Analytics Content Hub's SSL listener and to create the cacerts file.

You must import a certificate in these cases:
  • When you want to secure Analytics Content Hub's SSL listener. For example, if you don't want to use the self-signed certificates and want to avoid seeing the NET::ERR_CERT_AUTHORITY_INVALID message, then importing a certificate is needed.
  • When you want to secure the Analytics Content Hub communication downstream with a connector, for example, Cognos Analytics or Tableau.

Importing certificates to secure Analytics Content Hub SSL listener

To secure Analytics Content Hub's SSL listener, the certificate needs to contain both the private and public keys, and also needs the full chain. There are several types of certificates that you are given to secure the SSL listener. The .pfx certificates are the easier to import, but that is not a requirement. The following are some examples of how to import a .pfx and a .cer certificate and some other useful keytool commands. All examples are used in a command line run. You can find the certificates in the c:\certificates folder and Analytics Content Hub that is installed on the c drive. Replace the paths and file names to match what is in your environment.
Tip: If you haven't changed the keystore password, then when you are prompted, enter theia_pass.
Importing a .pfx certificate
c:\AnalyticsContentHub\Java\bin\keytool -importkeystore -srckeystore c:\certificates\ach_cert.pfx srcstoretype pkcs12 -destkeystore c:\AnalyticsContentHub\app\node1\tomcat\conf\keystore.jks -deststoretype jks -destkeypass theia_pass 
Importing a .cer certificate
c:\AnalyticsContentHub\Java\bin\keytool -import -keystore c:\AnalyticsContentHub\app\node1\tomcat\conf\keystore.jks -filec:\certificates\ach_cert.cer -alias theia
Viewing what is in the keystore
c:\AnalyticsContentHub\Java\bin\keytool -list -v -keystorec:\AnalyticsContentHub\app\node1\tomcat\conf\keystore.jks
Deleting the self-signed cert
 c:\AnalyticsContentHub\Java\bin\keytool -delete -alias theia -keystore c:\AnalyticsContentHub\app\node1\tomcat\conf\keystore.jks 
Certificates with multiple SANs
In this example, you have two SANs called domain1.example.com and domain2.example.com. Include the following option:
-ext SAN=dns:domain1.example.com, dns:domain2.example.com

Importing a certificate into the cacerts file

These certificates are imported so that Analytics Content Hub can communicate downstream with applications such as Cognos Analytics or Tableau. See the following steps:

  1. Open a command line as admin.
  2. Run the following command, and edit the paths file names to match your environment: c:\AnalyticsContentHub\Java\bin\keytool -import -keystore c:\AnalyticsContentHub\Java\lib\cacerts -file.
  3. When prompted for the password, enter changeit.