Importing SSL Certificates

Question

How do we import SSL certificates into Digital Hive?

Answer

There are two scenarios in which a certificate may need to be imported:
  1. When you want to secure Digital Hive's SSL listener. For example, this is needed if you don't want to use the self-signed certificates and want to avoid seeing the NET::ERR_CERT_AUTHORITY_INVALID message.
  2. When you want to secure Digital Hive's downstream communication with a connector, for example, IBM Cognos Analytics or Tableau.

Importing Certificates to Secure Digital Hive's SSL Listener

The important things to consider when securing Digital Hive's SSL listener are that the certificate needs to contain both the private and public keys and that it needs the full chain. There are several types of certificates that you may be given to secure the SSL listener. We find that .pfx certificates are the easiest to import, but that is not a requirement.

Here are some examples of how to import .pfx and .cer certificates, along with some other useful keytool commands. All of these examples are run in a Command Prompt; the certificates were placed in the c:\certificates folder and Digital Hive was installed on the c drive. Replace the paths and file names to match your environment. Also, if you haven't changed the keystore password, enter theia_pass when prompted.

Importing a .pfx

c:\DigitalHive\Java\bin\keytool -importkeystore -srckeystore c:\certificates\dh_cert.pfx -srcstoretype pkcs12 -destkeystore c:\DigitalHive\app\node1\tomcat\conf\keystore.jks -deststoretype jks -destkeypass theia_pass

Importing a .cer

c:\DigitalHive\Java\bin\keytool -import -keystore c:\DigitalHive\app\node1\tomcat\conf\keystore.jks -file c:\certificates\dh_cert.cer -alias theia

Viewing what is in the keystore

c:\DigitalHive\Java\bin\keytool -list -v -keystore c:\DigitalHive\app\node1\tomcat\conf\keystore.jks
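
The listing command above can be used to confirm the two requirements stated earlier (private key present, full chain present) before restarting the listener. The following is an added example, not Digital Hive's own tooling: it parses English-locale keytool -list -v output saved to text, and the function name, the dh_cert and leaf_only aliases and the sample listing are constructed for illustration.

```python
import re

# Constructed, trimmed sample of English-locale `keytool -list -v` output (not a real keystore).
SAMPLE = """\
Alias name: theia
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost
Issuer: CN=localhost

Alias name: dh_cert
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=hive.example.com
Issuer: CN=Example Issuing CA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA

Alias name: leaf_only
Entry type: trustedCertEntry

Owner: CN=hive.example.com
Issuer: CN=Example Issuing CA
"""

def audit_keystore_listing(listing):
    """Map each alias to a verdict on its fitness as a TLS listener entry."""
    verdicts = {}
    listing = listing.replace("\r\n", "\n")  # normalise Windows console output
    for entry in re.split(r"^Alias name: ", listing, flags=re.M)[1:]:
        alias = entry.splitlines()[0].strip()
        kind = re.search(r"^Entry type: (\S+)", entry, re.M)
        owners = re.findall(r"^Owner: (.+)$", entry, re.M)
        issuers = re.findall(r"^Issuer: (.+)$", entry, re.M)
        if not kind or kind.group(1) != "PrivateKeyEntry":
            verdicts[alias] = "no private key"      # certificate only, cannot serve TLS
        elif not owners or len(owners) != len(issuers):
            verdicts[alias] = "unparsed"
        elif owners[0] == issuers[0]:
            verdicts[alias] = "self-signed"         # browsers will reject the authority
        elif len(owners) < 2 or issuers[:-1] != owners[1:]:
            verdicts[alias] = "chain incomplete"    # issuer certs missing or out of order
        else:
            verdicts[alias] = "ok"
    return verdicts

if __name__ == "__main__":
    for alias, verdict in audit_keystore_listing(SAMPLE).items():
        print(f"{alias}: {verdict}")
```

An entry reported as "no private key" is typically what results from importing a bare .cer under a new alias, and "chain incomplete" means the issuing CA certificates were not included with the key.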

Deleting the self-signed cert

c:\DigitalHive\Java\bin\keytool -delete -alias theia -keystore c:\DigitalHive\app\node1\tomcat\conf\keystore.jks

Certificates with multiple SANs

In this example, you have two SANs called domain1.example.com and domain2.example.com. To do this, you would need to include the following option:
-ext SAN=dns:domain1.example.com,dns:domain2.example.com

Importing a Certificate into cacerts

These certificates are imported for systems that Digital Hive communicates with downstream, such as Cognos Analytics or Tableau.
  1. Open a Command Prompt as Administrator
  2. Run this command, switching the paths and file names to match your environment
    c:\DigitalHive\Java\bin\keytool -import -keystore c:\DigitalHive\Java\lib\security\cacerts -file c:\certificates\tableau_cert.cer -alias tableau
  3. When prompted for the password, enter changeit


