To connect to CloverETL Server via HTTPS when Designer must have its own certificate, create client and server keystores/truststores.

To generate these keys, execute the following script (version for Unix) in the bin subdirectory of the JDK or JRE, where keytool is located:

```sh
# SERVER
# create the server key store with a private/public key pair
keytool -genkeypair -alias server -keyalg RSA -keystore ./serverKS.jks \
    -keypass p4ssw0rd -storepass p4ssw0rd -validity 900 \
    -dname "cn=localhost, ou=ETL, o=Javlin, c=CR"
# export the server certificate (public key) to a separate file
keytool -exportcert -alias server -keystore serverKS.jks \
    -storepass p4ssw0rd -file server.cer

# CLIENT
# create the client key store with a private/public key pair
keytool -genkeypair -alias client -keyalg RSA -keystore ./clientKS.jks \
    -keypass chodnik -storepass chodnik -validity 900 \
    -dname "cn=Key Owner, ou=ETL, o=Javlin, c=CR"
# export the client certificate (public key) to a separate file
keytool -exportcert -alias client -keystore clientKS.jks \
    -storepass chodnik -file client.cer

# TRUST STORES
# import the server certificate into the client trust store
keytool -import -alias server -keystore clientTS.jks \
    -storepass chodnik -file server.cer
# import the client certificate into the server trust store
keytool -import -alias client -keystore serverTS.jks \
    -storepass p4ssw0rd -file client.cer
```

(In these commands, localhost is the default name of your CloverETL Server. If you want to use a different Server name, replace localhost in these commands with that hostname.)
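
As an added check (not part of the original CloverETL documentation), the shell functions below compare `keytool -list` output for a key store with the peer's trust store: the alias must be a private-key entry on one side and a certificate-only entry with the same fingerprint on the other. The function names and the sample listings are constructed for illustration, and keytool's default non-verbose listing format is assumed.

```shell
#!/bin/sh
# Added example: cross-check a key store against the peer's trust store.

# Reads `keytool -list` output on stdin and prints "<entry type> <fingerprint>"
# for the given alias (nothing if the alias is absent).
entry_info() {
    awk -v a="$1" '
        index($0, a ",") == 1 {
            n = split($0, f, /, */)
            type = (f[n] == "" ? f[n-1] : f[n])
            hit = 1; next
        }
        hit && /^Certificate fingerprint/ {
            sub(/^[^:]*: */, ""); print type, $0; exit
        }
        { hit = 0 }'
}

# check_pair KEYSTORE_LISTING TRUSTSTORE_LISTING ALIAS
# Succeeds only if the key store holds a private key under ALIAS and the
# trust store holds the same certificate as a certificate-only entry.
check_pair() {
    ks=$(printf '%s\n' "$1" | entry_info "$3")
    ts=$(printf '%s\n' "$2" | entry_info "$3")
    [ -n "$ks" ] && [ -n "$ts" ] || { echo "$3: alias missing"; return 2; }
    [ "${ks%% *}" = PrivateKeyEntry ] ||
        { echo "$3: key store has no private key"; return 3; }
    [ "${ts%% *}" = trustedCertEntry ] ||
        { echo "$3: trust store entry is ${ts%% *}"; return 4; }
    [ "${ks#* }" = "${ts#* }" ] || { echo "$3: fingerprint mismatch"; return 5; }
    echo "$3: ok"
}

# Constructed sample listings (fingerprints are made up and shortened).
SERVER_KS='Your keystore contains 1 entry

server, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): AA:BB:CC:01'
CLIENT_TS='Your keystore contains 1 entry

server, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): AA:BB:CC:01'

check_pair "$SERVER_KS" "$CLIENT_TS" server

# Against the real files (names and passwords from the script above):
#   check_pair "$(keytool -list -keystore serverKS.jks -storepass p4ssw0rd)" \
#              "$(keytool -list -keystore clientTS.jks -storepass chodnik)" server
```

Return code 4 flags a trust store that contains a private-key entry, which happens when a key store file is copied in place of a trust store.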

After that, copy the serverKS.jks and serverTS.jks files to the conf subdirectory of Tomcat.

Then, copy the following code to the server.xml file in this conf subdirectory:

```xml
<Listener className="org.apache.catalina.core.AprLifecycleListener"
    SSLEngine="off" />
<Connector port="8443" maxHttpHeaderSize="7192"
    maxThreads="150" minSpareThreads="25"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="true" sslProtocol="TLS"
    SSLEnabled="true"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    keystoreFile="pathToTomcatDirectory/conf/serverKS.jks"
    keystorePass="p4ssw0rd"
    truststoreFile="pathToTomcatDirectory/conf/serverTS.jks"
    truststorePass="p4ssw0rd"
/>
```

Important: The path to the keystore and truststore files must be absolute. Relative paths may not work. This applies to both sides of the communication.

Now you can run CloverETL Server by executing the startup script located in the bin subdirectory of Tomcat.

Now you need to copy the clientKS.jks and clientTS.jks files to any location.

After that, copy the following lines to the end of the eclipse.ini file, which is stored in the eclipse directory (each option must be on its own line):

```
-Djavax.net.ssl.keyStore=locationOfClientFiles/clientKS.jks
-Djavax.net.ssl.keyStorePassword=chodnik
-Djavax.net.ssl.trustStore=locationOfClientFiles/clientTS.jks
-Djavax.net.ssl.trustStorePassword=chodnik
```

Now, when you start your CloverETL Designer, you will be able to create your CloverETL Server projects using the following default connection to Server: https://localhost:8443/clover where both login name and password are clover.