Configuring the truststore

To use SSL encryption when you use the WebHDFS API or HttpFS API to communicate with the Hadoop Distributed File System (HDFS), you might need to import the server public certificate into your truststore and specify values for truststore parameters.

About this task

You must configure the truststore in the following scenarios:
  • The server instance that you connect to uses a self-signed certificate.
  • The server instance that you connect to uses a certificate that is issued by an authority that is not contained in the default Java truststore.
  • You do not want to use the default Java truststore. The File connector can use the default Java truststore, a custom truststore, or both.

Procedure

  1. Log in as the administrator user to the computer where the InfoSphere® Information Server engine tier host is installed.
  2. If a truststore does not exist, use the keytool Java™ utility to create a truststore by issuing the following command:
    keytool -genkey -alias alias -keystore truststore.jks -storepass password
    Where truststore.jks is the name of the truststore to create and alias is a keystore entry where certificates are stored. The value specified for alias must be unique. The default location for the keytool Java utility is install_directory/jdk/bin/keytool.
  3. Move the server certificate (.pem) file to the computer where the InfoSphere Information Server engine tier is installed.
  4. Use the keytool Java utility to import the server certificate into the File connector truststore by issuing the following command:
    keytool -import -trustcacerts -alias alias -file pem_file -keystore truststore.jks -storepass password -noprompt
  5. To generate an encrypted version of the password, use the IS_installation_directory/ASBNode/bin/encrypt.sh file or encrypt.bat file.
  6. Create a properties file in plain text format, for example, properties.txt, and add the following line:
    password=password
    Where password is an encrypted version of the password that was specified as the value for the -storepass parameter for the keytool import command.
  7. In the IS_installation_directory/Server/DSEngine/dsenv directory or at the InfoSphere DataStage® project level, set the following environment variables:
    DS_TRUSTSTORE_LOCATION=path_to_the_truststore.jks_file
    DS_TRUSTSTORE_PROPERTIES=path_to_the_properties.txt_file
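
Because -noprompt in step 4 skips the confirmation in which keytool displays the certificate, it helps to check the copied .pem file from step 3 against a fingerprint obtained from the server administrator before importing it. The following is an added example, not part of the product documentation; the function names, the sample alias and file names, and the placeholder bytes are assumptions made for illustration.

```python
import hashlib
import re
import ssl

# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes standing in for a DER certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def sha256_fingerprint(pem_text):
    """Return the SHA-256 fingerprint (lowercase hex) of the one certificate
    in pem_text; refuse files that hold zero or several certificates."""
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected 1 certificate block, found {len(blocks)}")
    der = ssl.PEM_cert_to_DER_cert(blocks[0])
    return hashlib.sha256(der).hexdigest()


def normalize(fingerprint):
    """Accept 'AB:CD:...' (as keytool and openssl print it) or plain hex."""
    return fingerprint.replace(":", "").replace(" ", "").lower()


def import_argv(pem_text, pem_file, expected_fp, alias, truststore, storepass):
    """Build the step 4 keytool command only if the fingerprint matches."""
    actual = sha256_fingerprint(pem_text)
    if actual != normalize(expected_fp):
        raise ValueError(f"fingerprint mismatch: file has {actual}")
    return ["keytool", "-import", "-trustcacerts", "-alias", alias,
            "-file", pem_file, "-keystore", truststore,
            "-storepass", storepass, "-noprompt"]


if __name__ == "__main__":
    # The expected value would normally arrive out of band; here it is
    # derived from the constructed sample so the demonstration runs offline.
    pinned = hashlib.sha256(SAMPLE_DER).hexdigest()
    print(import_argv(SAMPLE_PEM, "server.pem", pinned,
                      "hdfs-server", "truststore.jks", "password"))
```

The returned list can be passed to subprocess.run on the engine tier host; a ValueError means the file should not be imported.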