How to add a certificate chain file for SSL configuration


    Overview

    This guide describes how to configure the SSL setup of your Matillion ETL instance so that Apache Tomcat recognises a certificate chain file. This is typically needed when Tomcat must serve an intermediate certificate alongside the server certificate.

    Note

    As of version 1.69, Matillion ETL's Apache Tomcat version has been updated from 8.5.75 to version 10.1.5.

    Commands and paths that previously used tomcat8 now use tomcat.

    Note

    Key files for SSL certificate chains must be unencrypted and not password protected.


    Apache Tomcat SSL configuration

    The Tomcat connector attribute to add is SSLCertificateChainFile.

    1. Gain an SSH session and switch to the root user.
    2. Take a backup of the current SSL configuration.
    cp -rp /etc/tomcat/localhost.crt /etc/tomcat/localhost.crt.bak
    cp -rp /etc/tomcat/localhost.key /etc/tomcat/localhost.key.bak
    cp -rp /etc/tomcat/server.xml /etc/tomcat/server.xml.bak

    3. Copy the private key and certificates to the following locations.
    cp /your/key/file /etc/tomcat/localhost.key
    cp /your/cert/file /etc/tomcat/localhost.crt
    cp /your/intermediates/file /etc/tomcat/localhost-chain.crt

    4. Update the file ownership and permissions.
    chown tomcat:tomcat /etc/tomcat/localhost*
    chmod 775 /etc/tomcat/localhost*

    5. In /etc/tomcat/server.xml, locate the following section:
    <Connector SSLCertificateFile="${catalina.base}/conf/localhost.crt" SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" SSLEnabled="true" clientAuth="false" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" scheme="https" secure="true" sslProtocol="TLS"/>

    6. Make the following change to add an SSLCertificateChainFile attribute, pointing it at the chain file you copied in step 3:
    <Connector SSLCertificateFile="${catalina.base}/conf/localhost.crt" SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" SSLCertificateChainFile="/path/to/ChainFile" SSLEnabled="true" clientAuth="false" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" scheme="https" secure="true" sslProtocol="TLS"/>

    7. Restart Tomcat.
    systemctl restart tomcat

    8. Validate the connection to the Matillion ETL HTTPS endpoint.

    9. Check the file /var/log/tomcat/catalina.out for any errors.
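    The following pre-flight script is an added example, not part of this article or of the Matillion product. It checks the three files from the copy step before you restart Tomcat: that the key is unencrypted (as the note above requires), that the key belongs to the server certificate, that the first certificate in the chain file is the issuer of the server certificate (the order Tomcat expects), and that the certificate verifies through the chain. It assumes only that openssl is on the PATH; the file paths are passed as arguments so it can be run against /etc/tomcat/localhost.key, localhost.crt and localhost-chain.crt or against a staging copy. The optional fourth argument is a trust-anchor file for use with a private CA; without it the system CA store is used, as a real client would.

```shell
#!/bin/sh
# Added example: pre-flight checks for a Tomcat key/certificate/chain trio.
# Assumes openssl is installed. Usage: chaincheck.sh KEY CERT CHAIN [TRUST_ANCHOR]

# Normalised subject DN of the first certificate in a PEM file.
cert_subject() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//'
}

# Normalised issuer DN of the first certificate in a PEM file.
cert_issuer() {
  openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//'
}

# 0 if the key is not password protected: no encrypted PEM markers, and
# readable without a passphrase (an empty one is supplied so nothing prompts).
key_is_unencrypted() {
  if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"; then
    return 1
  fi
  openssl pkey -in "$1" -noout -passin pass: >/dev/null 2>&1
}

# 0 if the private key and the certificate carry the same public key.
key_matches_cert() {
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# 0 if the first certificate in the chain file issued the server certificate.
# Tomcat sends the chain file in order, so a chain that starts with the root
# instead of the intermediate leaves clients with an incomplete chain.
chain_starts_with_issuer() {
  [ "$(cert_issuer "$1")" = "$(cert_subject "$2")" ]
}

# 0 if the server certificate verifies via the chain file. $3 (optional) is a
# trust-anchor file; otherwise the system CA store is used.
chain_verifies() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
  else
    openssl verify -untrusted "$2" "$1" >/dev/null 2>&1
  fi
}

# Run one named check quietly and report a single line for it.
run_check() {
  name=$1; shift
  if "$@" >/dev/null 2>&1; then echo "ok   $name"; return 0; fi
  echo "FAIL $name"; return 1
}

# Run every check; returns the number of failures (0 means safe to restart).
check_chain_files() {
  key=$1; cert=$2; chain=$3; anchor=$4; failures=0
  run_check "key is unencrypted"        key_is_unencrypted "$key"                 || failures=$((failures + 1))
  run_check "key matches certificate"   key_matches_cert "$key" "$cert"           || failures=$((failures + 1))
  run_check "chain starts with issuer"  chain_starts_with_issuer "$cert" "$chain" || failures=$((failures + 1))
  run_check "certificate verifies"      chain_verifies "$cert" "$chain" "$anchor" || failures=$((failures + 1))
  return $failures
}

# After 'systemctl restart tomcat': 0 if a TLS client accepts the served chain.
# Usage: check_endpoint host:8443
check_endpoint() {
  echo | openssl s_client -connect "$1" -servername "${1%%:*}" -verify_return_error >/dev/null 2>&1
}

# Stand-alone use on the three (or four) files given on the command line.
if [ $# -ge 3 ]; then
  check_chain_files "$@"
fi
```

Run it as root before the restart step, for example with the files from the copy step and no trust anchor, and only restart when every line reads ok; after the restart, check_endpoint against the instance's 8443 port confirms that the chain is actually served. The script only reads the files; it does not touch the ownership or mode set earlier.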


    Video

    The video below, produced by our solution architects team, also covers certificate chain files.