Importing certificates
Learn to import certificates to secure Analytics Content Hub's SSL listener and to create the cacerts file.
You must import a certificate in these cases:
- When you want to secure Analytics Content Hub's SSL listener. For example, if you don't want to use the self-signed certificates and want to avoid seeing the NET::ERR_CERT_AUTHORITY_INVALID message, then importing a certificate is needed.
- When you want to secure the Analytics Content Hub communication downstream with a connector, for example, Cognos Analytics or Tableau.
Importing certificates to secure Analytics Content Hub SSL listener
To secure Analytics Content Hub's SSL listener, the certificate needs to contain both the private
and public keys, and also needs the full chain. There are several types of certificates that you are
given to secure the SSL listener. The .pfx certificates are the easier to
import, but that is not a requirement. The following are some examples of how to import a
.pfx and a .cer certificate and some other useful keytool
commands. All examples are used in a command line run. You can find the certificates in the
c:\certificates folder and Analytics Content Hub that is installed on the c
drive. Replace the paths and file names to match what is in your environment.
Tip: If
you haven't changed the keystore password, then when you are prompted, enter
theia_pass.
- Importing a .pfx certificate
-
c:\AnalyticsContentHub\Java\bin\keytool -importkeystore -srckeystore c:\certificates\ach_cert.pfx srcstoretype pkcs12 -destkeystore c:\AnalyticsContentHub\app\node1\tomcat\conf\keystore.jks -deststoretype jks -destkeypass theia_pass
- Importing a .cer certificate
-
c:\AnalyticsContentHub\Java\bin\keytool -import -keystore c:\AnalyticsContentHub\app\node1\tomcat\conf\keystore.jks -filec:\certificates\ach_cert.cer -alias theia
- Viewing what is in the keystore
-
c:\AnalyticsContentHub\Java\bin\keytool -list -v -keystorec:\AnalyticsContentHub\app\node1\tomcat\conf\keystore.jks
- Deleting the self-signed cert
-
c:\AnalyticsContentHub\Java\bin\keytool -delete -alias theia -keystore c:\AnalyticsContentHub\app\node1\tomcat\conf\keystore.jks
- Certificates with multiple SANs
- In this example, you have two SANs called
domain1.example.com
anddomain2.example.com
. Include the following option:-ext SAN=dns:domain1.example.com, dns:domain2.example.com
Importing a certificate into the cacerts file
These certificates are imported so that Analytics Content Hub can communicate downstream with applications such as Cognos Analytics or Tableau. See the following steps:
- Open a command line as admin.
- Run the following command, and edit the paths file names to match your environment:
c:\AnalyticsContentHub\Java\bin\keytool -import -keystore c:\AnalyticsContentHub\Java\lib\cacerts -file
. - When prompted for the password, enter
changeit
.