To configure one‑way TLS for the Data Streamer, complete the steps in this topic. One‑way
TLS is also a prerequisite for configuring two‑way TLS. The same procedure applies when you set up
certificate‑based authentication with a proxy server.
Transfer the subscriber's self-signed certificate or CA root certificate to the Data
Streamer's working directory. Be sure to use BINARY mode for the transfer.
- Set the following environment variables.
    export JAVA_HOME=/java_installation_directory
    export CDP_HOME=/ds_working_directory
    export CDP_DATASTREAMER=/dataStreamer_jar_file_directory
  - JAVA_HOME: The Java™ installation directory on the Data Streamer system.
  - CDP_HOME: The Data Streamer working directory that is described in Customizing the Data Streamer started task.
  - CDP_DATASTREAMER: The directory that contains the DataStreamer.jar file.
- Run the setupDataStreamerTLS.sh script to initialize the Data Streamer's TLS setup.
  This script configures the Data Streamer to use TLS to communicate with subscribers. Go to the
  Data Streamer working directory (CDP_HOME) and run the following command:
    $CDP_DATASTREAMER/setupDataStreamerTLS.sh password
  The following variable is used in the command:
  - password: The password that you want to use for the Data Streamer's keystore
    (cdp.jks) and truststore (cdp_keystore.jks) files.
  After the script is completed, the following files are created in the CDP_HOME directory:
  - passStore: Contains a secret key for password encryption.
  - cdp.properties: Contains the encrypted password for the Data Streamer keystore.
  - cdp.jks: Data Streamer's truststore file, which will contain the public certificates of the Data
    Streamer's subscribers.
- Run the importCertificate.sh script to import the subscriber's certificate or its CA root certificate.
  This script imports the subscriber's certificate into the Data Streamer truststore file
  (cdp.jks). Running this script requires Java Runtime Environment (JRE) 8 or later:
    $CDP_DATASTREAMER/importCertificate.sh cdp_alias.cert subscriber_cert_alias
  The following variables are used in the command:
  - cdp_alias.cert: The fully qualified path (including the file name) of the self-signed certificate or CA root
    certificate.
  - subscriber_cert_alias: The alias name for the public certificate of the subscriber. The alias name is used with the
    keytool command to refer to certificates and keys in the Java keystore.
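A preflight check for the procedure above, as an added example that is not part of the product or its scripts: it confirms that the three environment variables point at real directories and that the transferred certificate was not altered by a text-mode transfer. The function names are hypothetical, and the `pem-ebcdic` case assumes that a non-BINARY transfer translated the file from ASCII to EBCDIC.

```shell
#!/bin/sh
# Added example: preflight checks for the Data Streamer one-way TLS procedure.

# Succeeds only if the three variables from the first step name existing directories.
check_env() {
    rc=0
    for name in JAVA_HOME CDP_HOME CDP_DATASTREAMER; do
        eval "dir=\${$name:-}"    # names are fixed literals, so eval is safe here
        if [ -z "$dir" ] || [ ! -d "$dir" ]; then
            echo "ERROR: $name is unset or not a directory" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Classifies a certificate file by its first 10 bytes. The bytes are read as hex
# with od, so the comparison does not depend on the code page of the shell.
cert_encoding() {
    magic=$(od -An -tx1 -N10 "$1" | tr -d ' \n')
    case "$magic" in
        2d2d2d2d2d424547494e) echo pem ;;         # "-----BEGIN" in ASCII
        6060606060c2c5c7c9d5) echo pem-ebcdic ;;  # same text translated to EBCDIC (assumption)
        3082*)                echo der ;;         # ASN.1 SEQUENCE with a 2-byte length
        *)                    echo unknown ;;
    esac
}

# Returns 0 when the environment is set and the certificate is intact PEM or DER.
preflight() {
    check_env || return 1
    [ -f "$1" ] || { echo "ERROR: $1 not found" >&2; return 1; }
    enc=$(cert_encoding "$1")
    case "$enc" in
        pem|der)    echo "OK: $1 is $enc" ;;
        pem-ebcdic) echo "ERROR: $1 was translated in transit; resend in BINARY mode" >&2
                    return 1 ;;
        *)          echo "ERROR: $1 is not a PEM or DER certificate" >&2
                    return 1 ;;
    esac
}

# Runs only when a certificate path is given, for example:
#   sh preflight.sh /path/to/cdp_alias.cert
if [ "$#" -gt 0 ]; then
    preflight "$1" || exit 1
fi
```

Run it before importCertificate.sh; a nonzero exit means the certificate should be transferred again rather than imported.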