DLM Installation

Configure DLM Engine for TLS with a self-signed certificate

You can enable TLS (SSL) for the DLM Engine using a self-signed certificate. Self-signed certificates are primarily used in test environments. For a production environment, you should use a certificate from a trusted CA.

You must have root user access to the clusters on which DLM Engine is installed.
  1. Log in as root user on the cluster with DLM Engine installed.
  2. Generate a key pair and keystore for use with DLM Engine.
    keytool -genkey -alias jetty -keystore <certificate_file_path> \
      -storepass <keystore_password> \
      -dname 'CN=beacon.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US' \
      -keypass <key_password>
    Follow the prompts and enter the required information.
    • CN must be the FQDN of the DLM Engine host.
    • The default value for the key password is password.

      If you change the password, you must update the DLM configuration.

    The following is sample command output:
    keytool -genkey -alias jetty -keystore ~/tmp/ks -storepass password
    What is your first and last name?
      [Unknown]:  beacon.host.com
    What is the name of your organizational unit?
      [Unknown]:  Eng
    What is the name of your organization?
      [Unknown]:  ABC Corp
    What is the name of your City or Locality?
      [Unknown]:  Santa Clara
    What is the name of your State or Province?
      [Unknown]:  CA
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=beacon.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US correct?
      [no]:  yes
    
    Enter key password for <jetty>
      (RETURN if same as keystore password):
  3. Export the certificate.
    keytool -exportcert -alias jetty -keystore /my/file.keystore -file <certificate file path>
    The keystore password is the same as the key password.
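
The following check for the certificate exported in step 3 is an added example, not part of the original DLM documentation. It reads `keytool -printcert` text and confirms that the CN matches the DLM Engine host FQDN, reports whether the certificate is self-signed, and flags a weak signature algorithm. The names `check_cert` and `SAMPLE_PRINTCERT` are hypothetical, and the sample text is constructed.

```shell
#!/bin/sh
# Real use (assumes keytool is on PATH):
#   keytool -printcert -file <certificate file path> | check_cert "$(hostname -f)"

# Constructed sample of `keytool -printcert` output (not taken from a real host).
SAMPLE_PRINTCERT='Owner: CN=beacon.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US
Issuer: CN=beacon.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US
Serial number: 1a2b3c4d
Signature algorithm name: SHA256withRSA'

# check_cert EXPECTED_FQDN   (hypothetical helper; reads printcert text on stdin)
# Exit status: 0 = CN matches, 1 = CN mismatch, 2 = no certificate text found.
check_cert() (
  want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  text=$(cat)
  owner=$(printf '%s\n' "$text" | sed -n 's/^Owner: //p' | head -n 1)
  issuer=$(printf '%s\n' "$text" | sed -n 's/^Issuer: //p' | head -n 1)
  sigalg=$(printf '%s\n' "$text" | sed -n 's/^Signature algorithm name: //p' | head -n 1)
  [ -n "$owner" ] || { echo "ERROR: no Owner line; is this keytool -printcert output?"; exit 2; }

  # Pull the CN attribute out of the subject DN and compare case-insensitively.
  cn=$(printf '%s\n' "$owner" | sed -n 's/.*CN=\([^,]*\).*/\1/p' | tr 'A-Z' 'a-z')
  rc=0
  if [ "$cn" = "$want" ]; then
    echo "OK: CN=$cn matches the DLM Engine host FQDN"
  else
    echo "FAIL: CN=$cn does not match $want"
    rc=1
  fi

  # Subject equal to issuer means self-signed: acceptable for test clusters only.
  if [ "$owner" = "$issuer" ]; then
    echo "NOTE: self-signed certificate (use a trusted CA in production)"
  else
    echo "NOTE: issued by: $issuer"
  fi

  # SHA-1 and MD5 signatures are weak; regenerate the key pair if one is reported.
  case "$sigalg" in
    SHA1*|MD5*) echo "WARN: weak signature algorithm: $sigalg" ;;
  esac
  exit "$rc"
)

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_PRINTCERT" | check_cert beacon.host.com
```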
Configure the keystore for DataPlane use.