Authenticating the InfoSphere Streams name server (InfoSphere Streams connector)

You need to set up the InfoSphere Streams connector to authenticate against the InfoSphere Streams name server. The InfoSphere Streams connector uses the InfoSphere Streams name server to lookup the host and port that it wants to connect to. Use the connection properties of the InfoSphere Streams connector to define the connection to the name server.

The InfoSphere Streams name server host is the host name of the system that runs the InfoSphere Streams SWS name server service. If you do not know the name server host name, consult your InfoSphere Streams administrator to help you identify the system that runs the InfoSphere Streams SWS name server service.

For more information about the InfoSphere Streams concepts and commands, see the InfoSphere Streams Installation and Administration guide.

To identify the InfoSphere Streams name server port use the geturl streamtool command. Execute the geturl command on the system that hosts the Streams SWS name server service, for example:

streamtool geturl -i myStreamsInstance

Communication with the name server is via HTTPS which requires that the self-signed certificate of the Streams server is available in a keystore file on the player node that is hosting the Streams connector stage.

The server keystore file ibmjsse2.jks can be found in the home directory of the Streams instance owner directory:

<Streams Instance Owner Home Directory>/.streams/instances/[instanceid]/sws/security/keystore

You can export the keystore certificate from the InfoSphere Streams name server and import into a new or existing keystore file stored on the player node that is hosting the InfoSphere Streams connector stage. If the server certificate is replaced by a new one, the following procedures and steps need to be repeated to update the keystore on the client side.

Exporting the Streams Certificate

To export the Streams Certificate, use the keytool command that is provided in the jre directory of the InfoSphere Streams server installation as follows:

<Streams>/jre/bin/keytool -keystore ~/.streams
/instances/[instanceid]/sws/security/keystore/ibmjsse2.jts 
-export -alias lwiks -file <certificate-file>

The alias is always lwiks; which is defined by InfoSphere Streams and cannot be configured. This command exports the certificate that is associated with the alias lwiks to the specified certificate file. The command prompts for the password of the truststore file. By default, the password is ibmpassw0rd.

Importing the Streams Certificate

To import the Streams Certificate, use thekeytool command that is provided under the ASBNode or ASBServer directories of the InfoSphere DataStage engine install. Before running the command, copy the certificate file exported from InfoSphere Streams to the InfoSphere DataStage engine server. If the keystore file exists, then you are prompted to enter the password for the file. If the file does not exist, then you are prompted to create a password for the file. Click Yes if asked whether to trust the certificate.

Use the command as follows:

<InformationServer>/jdk/jre/bin/keytool
-import -alias lwiks -file <certificate-file> -keystore <keystore-file>