1. On-premises 5.1
  2. Guides
  3. Tours
  4. Concepts
  5. Tools
  6. References
    1. Apache Spark
      1. Using Spark with Incorta
      2. Spark Architecture
      3. Spark Application Model
      4. Running Spark Applications
      5. Configure Standalone Spark
      6. Configure Spark for Hadoop on Windows
      7. Configure Spark for Use with Materialized Views
      8. Troubleshoot Spark
      9. Use the SQL Interface with Spark
      10. Enable SSL Certificate in SQLi
    2. Connectors
    3. Built-in Functions
    4. Incorta Connector SDK
    5. Security
    6. Visualizations
    7. Other
  7. Integrations
  8. Data applications
  9. Releases

Enable SSL Certificate in SQLi

This article includes the steps required to enable TLS/SSL security for SQLi connections for Incorta versions 4.4.1 and later.

To enable SSL security for SQLi connections, you will need to:

  1. Generate a self-signed certificate.
  2. Convert your certificate to JKS.
  3. Enable SSL for SQLi in Incorta.
  4. Enable SSL on the client side.
Note

The example below uses a self-signed certificate. However, self-signed certificates should not be used in production environments and are recommended for use only in development and testing phases.

Generate a self-signed certificate

  1. Choose these parameters using Java’s keytool:
    • alias: name assigned to the certificate.
    • keystore: path to new keystore
    • password: password to the keystore.
  2. Run the following command:
    keytool -genkey -keyalg RSA -alias <alias> -keystore <keystore> -storepass <password> -validity 360 -keysize 2048

Here's a sample output for a server named www.mysite.com:

keytool -genkey -keyalg RSA -alias incorta_selfsigned -keystore /home/incorta/keystore.jks -storepass password -validity 360 -keysize 2048


What is your first and last name?  [Unknown]:  mysite


What is the name of your organizational unit?  [Unknown]:  mysite


What is the name of your organization?  [Unknown]:  mysite


What is the name of your City or Locality?  [Unknown]:  cairo


What is the name of your State or Province?  [Unknown]:  cairo


What is the two-letter country code for this unit?  [Unknown]:  EG


Is CN=mysite, OU=mysite, O=mysite, L=cairo, ST=cairo, C=EG correct?


[no]:  yes


Enter key password for <incorta_selfsigned> (RETURN if same as keystore password):  


ls -ltr /home/incorta/keystore.jks


-rw-rw-r--. 1 incorta incorta 2235 Jan  4 11:51 /home/incorta/keystore.jks

Convert your certificate to JKS

Check with your SSL provider on how to convert the certificate to JKS format. Click here to see Digicert’s instructions for an example.

(If you are using a self-signed certificate, you can skip this step.)

Enable SSL for SQLi in Incorta

  1. Open the configuration page.

    • For Incorta versions 4.4.X or earlier: Configurations are located in the Incorta Login Admin page.
    • For Incorta versions 4.5 and later: Configurations are located in the CMC.

  2. From the System Configuration tab, select Server Configs then SQL Interface.

  3. Toggle the option to Enable SSL for SQL interface ports.

  4. Enter the path for the jks file previously created in the SSL certificate (JKS) path used for SQL interface.

  5. Enter the passphrase or password for that JKS in the SSL certificate (JKS) passphrase used for the SQL interface.

  6. Click Save.

Enable SSL in client side

  1. Enable SSL in your client or BI tools by setting SSL Mode to either prefer or require.
Note

If you are using a self-signed certificate the BI tools will reject the certificate as untrusted. To continue you will have to import the JKS at the client side as a trusted certificate.

  1. Convert the JKS file to a known format. See Oracle’s instructions here for an example.
  2. Import the certificate. In Windows you can search for "Manage computer certificates" then import the certificate.