Home

Enabling Transport Layer Security (TLS) for Unravel UI

All the certificates are stored in data/certificates by default. To enable TLS for Unravel UI, do the following:

  1. Provide permissions to the user, who installs unravel, to access the certificates folder.

    chown -R username:groupname /path/to/certificates/directory
    
  2. Download the certificates to a directory.

  3. Upload the certificates to a certificates directory.

    ## Option 1
    <unravel_installation_directory>/unravel/manager config tls trust add </path/to/the/certificate/files
    
    or 
    
    ## Option 2
    <unravel_installation_directory>/unravel/manager config tls trust add --pem </path/to/the/certificate/files>
    <unravel_installation_directory>/unravel/manager config tls trust add --jks </path/to/the/certificate/files>
    <unravel_installation_directory>/unravel/manager config tls trust add --pkcs12 </path/to/the/certificate/files>
    
  4. Upload the key and certificate.

    <unravel_installation_directory>/unravel/manager config tls set /path/to/key.pem /path/to/certificate.pem --key-password <password>
    
    ##Example:/opt/unravel/manager config tls set --pem xyz_wildcard.pem wildcard_xyzabc_com_RSA_private.pem --key-password AcQidKj4
    
  5. Enable TLS and then enable the Trustore.

    <unravel_installation_directory>/unravel/manager config tls <enable|disable>
    <unravel_installation_directory>/unravel/manager config trust <enable|disable>
  6. Stop Unravel

    <unravel_installation_directory>/unravel/manager stop
    
  7. Apply the changes

    <unravel_installation_directory>/unravel/manager config apply
  8. Verify the connection.

    <unravel_installation_directory>/unravel/manager verify connect <Cluster Manager-host> <Cluster Manager-port>
    
    For example: /opt/unravel/manager verify connect xyz.unraveldata.com 7180
    -- Running: verify connect xyz.unraveldata.com 7180
     - Resolved IP: 111.17.4.123
     - Reverse lookup: ('xyz.unraveldata.com', [], ['111.17.4.123'])
     - Connection:   OK
     - TLS:      No
    -- OK
  9. Verify the Truststore as well as the TLS configuration:

    <unravel_installation_directory>/unravel/manager verify tls
    
  10. Start Unravel

    <unravel_installation_directory>/unravel/manager start