Appendix
Generating SSL Keystore, Self-Signed Certificate and Truststore
To enable SSL/HTTPS for accessing ECB REST APIs, a certificate and a truststore are required. If a certificate from a CA is not already available, generate a self-signed certificate using the following procedure:
- Copy the FQDN of the ECB agent host. To view the FQDN, run the following command:
$ hostname -f
Generate Keystore:
A keystore is a repository of security certificates.
- Ensure that a keystore is created before generating the certificate.
- Ensure that the openssl package is installed on the host where the ECB Agent will be running.
- Execute the following command in a bash shell. The command prompts for a series of values. At the first prompt, "What is your first and last name?" (the certificate CN), enter the FQDN copied in the previous step.
- IMPORTANT: Note the password entered here; this will be required for ECB configuration.
$ keytool -genkey -alias ecb-keystore -keyalg RSA -keystore ecb-keystore.jks -keysize 2048
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: ecb-td13.dbclient.infoworks.io
What is the name of your organizational unit?
[Unknown]: DBA
What is the name of your organization?
[Unknown]: infoworks
What is the name of your City or Locality?
[Unknown]: Palo Alto
What is the name of your State or Province?
[Unknown]: CA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=ecb-td13.dbclient.infoworks.io, OU=DBA, O=infoworks, L=Palo Alto, ST=CA, C=US correct?
[no]: yes
Enter key password for <ecb-keystore>
(RETURN if same as keystore password):
Re-enter new password:
Export Certificate:
- Run the following command on the ECB agent host to export the certificate from the keystore. Use the password from the previous step when prompted:
$ keytool -export -alias ecb-keystore -file ecb.crt -keystore ecb-keystore.jks
Propagate Certificate:
- The certificate generated in the previous step, ecb.crt, must be copied to the Infoworks edge node. It can be copied with any tool, such as scp. Note the path to the certificate after the copy and ensure that the Infoworks user has read permission on the certificate.
Import Certificate into Truststore:
- On the Infoworks edge node, run the following command to create a new truststore and import the ecb.crt certificate. When prompted for a password, enter a new password for the truststore. Note the path to the truststore file, truststore.jks, and the password used for the truststore.
$ keytool -import -v -trustcacerts -alias ecb-keystore -file ecb.crt -keystore truststore.jks
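Because the imported self-signed certificate becomes a trust anchor, it is worth confirming that the file on the edge node is the one exported on the agent host and that its CN is the agent FQDN. The script below is an added example, not part of the product documentation; the file name verify_cert.sh, the function names and the sample fingerprint are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the product documentation): check ecb.crt on both hosts.

# Constructed sample of `keytool -printcert` output; the fingerprint is made up.
SAMPLE_PRINTCERT='Owner: CN=ecb-td13.dbclient.infoworks.io, OU=DBA, O=infoworks, L=Palo Alto, ST=CA, C=US
Issuer: CN=ecb-td13.dbclient.infoworks.io, OU=DBA, O=infoworks, L=Palo Alto, ST=CA, C=US
Certificate fingerprints:
     SHA256: 00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F'

# Print the CN from the "Owner:" line of keytool -printcert output on stdin.
cert_cn() {
  sed -n 's/^Owner:.*CN=\([^,]*\).*/\1/p' | head -n 1
}

# Print the SHA-256 fingerprint from the same output.
cert_sha256() {
  sed -n 's/^[[:space:]]*SHA256: *//p' | head -n 1
}

# Succeed only if the CN on stdin equals the expected FQDN ($1), ignoring case.
cn_matches() {
  want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  have=$(cert_cn | tr '[:upper:]' '[:lower:]')
  [ -n "$have" ] && [ "$have" = "$want" ]
}

# verify_cert <cert-file> <expected-fqdn>: print the fingerprint, fail on CN mismatch.
verify_cert() {
  out=$(keytool -printcert -file "$1") || return 2
  if ! printf '%s\n' "$out" | cn_matches "$2"; then
    echo "CN '$(printf '%s\n' "$out" | cert_cn)' does not match '$2'" >&2
    return 1
  fi
  printf 'SHA256 %s\n' "$(printf '%s\n' "$out" | cert_sha256)"
}

# Agent host:  sh verify_cert.sh ecb.crt "$(hostname -f)"
# Edge node:   sh verify_cert.sh /path/to/ecb.crt <agent FQDN>   (compare the SHA256 lines)
if [ "$#" -eq 2 ]; then
  verify_cert "$1" "$2"
fi
```

Run it on the agent host after the export and again on the edge node after the copy; import the certificate only if both runs print the same SHA256 line.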
Configuring Driver Jars for RDBMS Sources in ECB Agent
ECB supports Oracle and Teradata sources. JDBC driver jars must be configured in ECB Agent to crawl data from these sources. To configure the JDBC drivers, copy the jars to the $ECB_HOME/var/lib folder in the ECB Agent installation location. For Oracle, use ojdbc7.jar; for Teradata, use terajdbc4.jar and tdgssconfig.jar.