Truststore certificates

This page explains how to import certificates, including Certificate Authority (CA) certificates, into the Unravel trust store, which is used for certificate chain validation.

The following certificate formats are supported:

  • PEM (.pem)

  • JKS (.jks)

  • PKCS12 (.pkcs12, .p12, .pfx)

Multiple certificates can be passed to the trust add command, and the command can be run multiple times. Every call adds its certificates to the trust store. By default, the store is located at data/certificates/trusted_certs.pem and trusted_certs.pkcs12.

To add certificates to the Unravel trust store and enable it, do the following:

  1. Download the certificates to a directory. For example:

    wget http://xyz.unraveldata.com/unravel_certs/unravel_wildcard.pem

  2. Give the user who installs Unravel access to the certificates directory.

    chown -R username:groupname /path/to/certificates/directory
    
  3. Upload the certificates.

    ## Option 1: without a format flag
    <unravel_installation_directory>/unravel/manager config tls trust add </path/to/the/certificate/files>

    ## or

    ## Option 2: with the flag that matches the certificate format
    <unravel_installation_directory>/unravel/manager config tls trust add --pem </path/to/the/certificate/files>
    <unravel_installation_directory>/unravel/manager config tls trust add --jks </path/to/the/certificate/files>
    <unravel_installation_directory>/unravel/manager config tls trust add --pkcs12 </path/to/the/certificate/files>
    
  4. Enable the trust store.

    <unravel_installation_directory>/unravel/manager config tls trust <enable|disable>
    <unravel_installation_directory>/unravel/manager config apply
    
  5. Verify the connection.

    <unravel_installation_directory>/unravel/manager verify connect <Cluster Manager-host> <Cluster Manager-port>
    
    For example: /opt/unravel/manager verify connect xyz.unraveldata.com 7180
    -- Running: verify connect xyz.unraveldata.com 7180
     - Resolved IP: 111.17.4.123
     - Reverse lookup: ('xyz.unraveldata.com', [], ['111.17.4.123'])
     - Connection:   OK
     - TLS:      No
    -- OK
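
Step 1 fetches the certificate over plain HTTP, and every certificate added in step 3 is trusted during chain validation, so it is worth checking the file between those two steps. The script below is an added example, not Unravel code or part of the original instructions: it rejects a PEM file that contains a private key or any certificate whose SHA-256 fingerprint is missing from a pin list obtained out of band. The function names and the pinned.sha256 file are assumptions.

```sh
#!/bin/sh
# Added example, not Unravel code. Needs awk, grep, base64, sha256sum.

# Print the SHA-256 fingerprint (lowercase hex, no colons) of each certificate
# in a PEM file, one per line. The digest is taken over the decoded DER bytes.
pem_fingerprints() {
    awk '/-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
         /-----END CERTIFICATE-----/   { inside = 0; print body; next }
         inside { gsub(/[ \t\r]/, ""); body = body $0 }' "$1" |
    while IFS= read -r pf_body; do
        printf '%s' "$pf_body" | base64 -d | sha256sum | cut -d' ' -f1
    done
}

# Return 0 only if PEM file $1 is fit to hand to "trust add":
#   - it holds no private key (a trust store needs public certificates only),
#   - it holds at least one certificate,
#   - every certificate's fingerprint is listed in pin file $2 (one hex per line).
precheck_trust_pem() {
    pc_pem=$1 pc_pins=$2 pc_count=0
    if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$pc_pem"; then
        echo "REJECT $pc_pem: contains a private key" >&2
        return 1
    fi
    for pc_fp in $(pem_fingerprints "$pc_pem"); do
        pc_count=$((pc_count + 1))
        if ! grep -qixF -e "$pc_fp" "$pc_pins"; then
            echo "REJECT $pc_pem: certificate $pc_fp is not pinned" >&2
            return 1
        fi
    done
    if [ "$pc_count" -eq 0 ]; then
        echo "REJECT $pc_pem: no certificates found" >&2
        return 1
    fi
    echo "OK $pc_pem: $pc_count certificate(s) match the pinned fingerprints"
}

# Usage (pinned.sha256 is a hypothetical file of fingerprints obtained out of band):
#   precheck_trust_pem unravel_wildcard.pem pinned.sha256 && \
#       <unravel_installation_directory>/unravel/manager config tls trust add --pem unravel_wildcard.pem
```

The fingerprints printed by pem_fingerprints are the same digests that `openssl x509 -noout -fingerprint -sha256` reports, written in lowercase without colons.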