Truststore certificates
This page provides you with instructions to import certificates into the Unravel trust store for certificate chain validation. This includes Certificate Authority (CA) certificates as well.
The following certificate formats are supported:
PEM (.pem)
JKS (.jks)
PKCS12 (pkcs12, .p12, .pfx)
Multiple certificates can be passed through trust add command, and it can also be called multiple times. All the calls will add the certificates to the trust store. By default, the store is located at data/certificates/trusted_certs.pem
and trusted_certs.pkcs12
.
To add and set the certificates in Unravel trust store, do the following:
Download the certificates to a directory. For example: wget http://xyz.unraveldata.com/unravel_certs/unravel_wildcard.pem
Provide permissions to the user, who installs unravel, to access the certificates folder.
chown -R
username
:groupname
/path/to/certificates/directory
Upload the certificates.
## Option 1 <unravel_installation_directory>/unravel/manager config tls trust add
</path/to/the/certificate/files
or ## Option 2 <unravel_installation_directory>/unravel/manager config tls trust add --pem</path/to/the/certificate/files>
<unravel_installation_directory>/unravel/manager config tls trust add --jks</path/to/the/certificate/files>
<unravel_installation_directory>/unravel/manager config tls trust add --pkcs12</path/to/the/certificate/files>
Enable the Truststore
<unravel_installation_directory>/unravel/manager config tls trust
<enable|disable>
<unravel_installation_directory>/unravel/manager config applyVerify the connection.
<unravel_installation_directory>/unravel/manager verify connect <Cluster Manager-host> <Cluster Manager-port>
For example: /opt/unravel/manager verify connect xyz.unraveldata.com 7180 -- Running: verify connect xyz.unraveldata.com 7180 - Resolved IP: 111.17.4.123 - Reverse lookup: ('xyz.unraveldata.com', [], ['111.17.4.123']) - Connection: OK - TLS: No -- OK
Also, refer to Enabling Transport Layer Security (TLS) for Unravel UI.