Enabling Transport Layer Security (TLS) for Unravel UI

All the certificates are stored in data/certificates by default. To enable TLS for Unravel UI, do the following:

  1. Provide permissions to the user, who installs unravel, to access the certificates folder.

    chown -R username:groupname /path/to/certificates/directory
  2. Download the certificates to a directory.

  3. Upload the certificates to a certificates directory.

    ## Option 1
    <unravel_installation_directory>/unravel/manager config tls trust add </path/to/the/certificate/files
    ## Option 2
    <unravel_installation_directory>/unravel/manager config tls trust add --pem </path/to/the/certificate/files>
    <unravel_installation_directory>/unravel/manager config tls trust add --jks </path/to/the/certificate/files>
    <unravel_installation_directory>/unravel/manager config tls trust add --pkcs12 </path/to/the/certificate/files>
  4. Upload the key and certificate.

    <unravel_installation_directory>/unravel/manager config tls set /path/to/key.pem /path/to/certificate.pem --key-password <password>
    ##Example:/opt/unravel/manager config tls set --pem xyz_wildcard.pem wildcard_xyzabc_com_RSA_private.pem --key-password AcQidKj4
  5. Enable TLS and then enable the Truststore.

    <unravel_installation_directory>/unravel/manager config tls <enable|disable>
    <unravel_installation_directory>/unravel/manager config tls trust <enable|disable>
  6. Stop Unravel

    <unravel_installation_directory>/unravel/manager stop
  7. Apply the changes

    <unravel_installation_directory>/unravel/manager config apply
  8. Verify the connection.

    <unravel_installation_directory>/unravel/manager verify connect <Cluster Manager-host> <Cluster Manager-port>
    For example: /opt/unravel/manager verify connect xyz.unraveldata.com 7180
    -- Running: verify connect xyz.unraveldata.com 7180
     - Resolved IP:
     - Reverse lookup: ('xyz.unraveldata.com', [], [''])
     - Connection:   OK
     - TLS:      No
    -- OK
  9. Verify the Truststore as well as the TLS configuration:

    <unravel_installation_directory>/unravel/manager verify tls
  10. Start Unravel

    <unravel_installation_directory>/unravel/manager start