Secure Aternity Docker Components Server with SSL Encryption (HTTPS)

This article provides details about how to secure user access to the Aternity Docker Components Server as well as communication between Aternity components.

Once you have certificates and keys, you can configure SSL encryption (HTTPS). Configuring servers to use Secure Sockets Layer (SSL) encryption secures access to the server and protects the data exchanged with it.

Before you begin

To configure servers to use SSL, you must have an SSL certificate. Generating the SSL certificate for Aternity Docker Components Server is covered in a separate article. The same certificate can be used by all secured Docker Components.

Procedure

  1. Once you have secured the Aternity Management Server, you must open the configuration file on the Aternity Docker Components Server and update the URL of the Management Server. Then reconfigure Aternity Docker Components Server.
    Change the management_url parameter in the properties.ini file that resides on the Aternity Docker Components Server.
    Update an external URL
    On Aternity Docker Components Server, run the command:
    ./aternity-docker-admin reconfigure
  2. Secure access to the Aternity Docker Components Server.

    Usually, users configure SSL encryption (HTTPS) for the Aternity Docker Components Server during the setup of a new Aternity Docker Components Server. If this was not done during the initial server setup, you can open and edit the properties.ini file now.

    a. Access the Docker Components computer and log in.
    b. In the folder aternity-docker-components, open the properties.ini file.
    c. Edit the properties.ini file.
      Edit the setup parameters in the properties.ini file
      Parameter Description

      keystore in the [ssl] section.

      (Optional) Path to the keystore.

      Provide an absolute path to the keystore that holds the SSL certificate (typically a .jks file). Save the file in a permanent location on the Aternity Docker Components Server.

      The keystore is used to secure the Aternity REST API Server, Aternity Data Source for Portal, Raw Data Component, and Messaging Broker and must contain the appropriate certificate(s) for that. Providing a path to the keystore automatically sets the Aternity REST API Server and Aternity Data Source for Portal to work with HTTPS (SSL).


      keystore_password in the [ssl] section.

      (Optional) Password used to access the keystore.


      key_alias in the [ssl] section.

      (Optional) Alias that identifies the key in the keystore.

      key_password in the [ssl] section.

      (Optional) Password used to access the key in the keystore.

      truststore in the [ssl] section.

      (Optional) Truststore that holds SSL certificates.

      Provide an absolute path to the truststore file. Save the file in a permanent location on the Aternity Docker Components Server.

      Note

      The aternity-docker-admin tool automatically generates a Truststore that provides trust for the Management Server’s certificate (for the Certificate Authority that signed it), if you do not provide the truststore file.


      truststore_password in the [ssl] section.

      (Optional) Password used to access the truststore.


  3. To secure access to the Aternity REST API Server and/or Aternity Data Source for Portal, use a valid certificate from a Java keystore and enable the SSL connection.
    You need a Java keystore (JKS) containing a certificate for identifying the Aternity Data Source for Portal and/or Aternity REST API Server.
    Note

    Other Docker Components will also be secured using this Java keystore (JKS). The same certificate can be used for all Docker Components, if applicable, or the JKS can hold several certificates, each for a different component.

    a. To enable SSL, edit the properties.ini file and configure the parameters under the [ssl] section as described in the table below.
      The file is located in the directory with the aternity-docker-admin tool.
      To secure communication between components, configure the SSL parameters
      Field Description
      keystore

      Enter an absolute path to a valid Java keystore (JKS). The JKS must contain the certificate for securing the Aternity Data Source for Portal and/or Aternity REST API Server.

      keystore_password

      Enter the password required to access the system's keystore file.

      key_alias

      Enter the alias identifying the specific key in the JKS to be used for securing the Aternity Data Source for Portal and/or Aternity REST API Server.

      key_password

      Enter the password to the specific key identified by the key alias.

      (Learn more about creating certificates and defining parameters.)

    b. Reconfigure the Aternity Data Source for Portal and/or Aternity REST API Server.

      Run ./aternity-docker-admin reconfigure from the aternity-docker-admin directory as a non-root user defined in the configuration sudoers file.

      Note

      This will also install all other Aternity Docker Components. If the components are already installed, this will apply any other configuration changes made in the properties.ini file.
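
A pre-flight check to run before ./aternity-docker-admin reconfigure, given here as an added example (not part of the Aternity tooling): it reads properties.ini and reports a management_url that is not HTTPS, a keystore or truststore path that is relative or missing, an empty keystore_password, and file permissions that let other users read the stored passwords. The [general] section name and all sample values are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample with deliberate mistakes; [general] is an assumed section name.
SAMPLE = """\
[general]
management_url = http://mgmt.example.com
[ssl]
keystore = certs/components.jks
keystore_password =
"""

def preflight(ini_path):
    """Return findings for a properties.ini; an empty list means it passed."""
    findings = []
    cfg = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cfg.read(ini_path)
    for section in cfg.sections():
        url = cfg[section].get("management_url", "")
        if url and not url.lower().startswith("https://"):
            findings.append(f"[{section}] management_url is not HTTPS: {url}")
    ssl = cfg["ssl"] if cfg.has_section("ssl") else {}
    for key in ("keystore", "truststore"):  # both are optional parameters
        path = ssl.get(key, "").strip()
        if path and not os.path.isabs(path):
            findings.append(f"[ssl] {key} is not an absolute path: {path}")
        elif path and not os.path.isfile(path):
            findings.append(f"[ssl] {key} file not found: {path}")
    if ssl.get("keystore", "").strip() and not ssl.get("keystore_password", "").strip():
        findings.append("[ssl] keystore is set but keystore_password is empty")
    # The file holds the keystore passwords, so only its owner should have access.
    if stat.S_IMODE(os.stat(ini_path).st_mode) & 0o077:
        findings.append("properties.ini is accessible to group/other (use mode 600)")
    return findings

def demo():
    """Write SAMPLE to a temporary directory with mode 644 and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        ini = os.path.join(tmp, "properties.ini")
        with open(ini, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(ini, 0o644)
        return preflight(ini)

if __name__ == "__main__":
    for finding in demo():
        print("FAIL:", finding)
```

Point preflight() at the real properties.ini in the aternity-docker-admin directory; an empty result means none of these checks failed.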