Initial Configuration
The base L4i installation will come pre-configured with the core system and a test filesystem connector. Additional connectors and connections will need to be configured. The main task to complete for initial setup is the configuration of certificates for these connectors.
The L4i connectors and core components communicate through HTTPS/TLS encrypted connections. To enable these secure connections, X.509 certificates must be supplied. L4i provides mechanisms to generate these certificates.
Options when generating certificates include:
- Configuration of which connector certificates to create
- Configuration of the server IP address/DNS entry when remote connectors are required
- Creation of passwords for certificates generated
Settings are configured in the file <install location>\config\trex-certmgr-application.json
The trex-certmgr-application.json file contains the following sections:
"defaults": This section holds settings that are used for all generated certificates. They can be overridden in each individual certificate section.
"master": This is the section for the master keystore for all configured connectors on the system. The default settings will be sufficient for a one-box installation.
For each connector, the value for "disabled" should be set to 'false' to have a certificate generated.
If distributing a connector on a remote server, the "san" section can be used to define the remote server name and/or IP address.
An example snippet for the file system connector is shown below, including a "san" section.
"keystores": The keystores section is where L4i configuration for the p12 keystore certificates is done. Each connector must have an alias entry in the section "keystore": "trex.cnn.keystore.p12". The "storepass" entry is where a password for the keystore can be configured.
The section that will need configuration is the trex.cnn.keystore.p12. This contains references to each of the connectors being used. An example of this section is shown below, with 5 connectors being set up:
"truststores": The truststores section is where L4i configuration for the p12 truststore certificates is done. These trusts allow the connectors and core TRex components to exchange their certificates.
The "storepass" entry allows for configuration of the password for the truststore.
There are two sections that will need configuration:
- trex.ngin.truststore.p12 (allows connections to the core TRex transformation engine)
- trex.cfgmgr.truststore.p12 (allows connections to the TRex configuration UI engine)
Both of these sections contain references to each of the connectors being used. Note: this should match the list from the keystore section.
An example of this section is shown below, with 5 connectors being set up:
"exports": The exports section configures the exported certificates for the system. Of note is the "privatekeys" section. This will generate a .p12 certificate that can be imported into a web browser to allow connectivity to the d4i configuration service. Set a storepass that will be used. NOTE: Here you can configure a separate certificate/password for different environments (DEV vs. PROD, etc.).
Once configuration is complete, the PowerShell script '<install location>\start-cert-mgr.ps1' should be run. This script will start a Java application that will generate (or re-generate) the application certificates.
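A pre-flight consistency check for the settings described above, run before the certificates are generated. This is an added example, not part of the L4i documentation or product. Only the key names "disabled", "san", "keystores", "truststores", "storepass" and the three .p12 store names come from this page; the "certificates" and "aliases" keys, the connector names and the overall JSON layout are assumptions made for illustration.

```python
import json

# Constructed sample, not a real L4i file. "certificates", "aliases" and the
# connector names are assumed; adapt the key names to the actual file layout.
SAMPLE = json.loads("""
{
  "certificates": {
    "fs-connector":  {"disabled": false, "san": {"dns": ["remote01.example.test"]}},
    "sql-connector": {"disabled": false},
    "old-connector": {"disabled": true}
  },
  "keystores": {
    "trex.cnn.keystore.p12": {"storepass": "", "aliases": ["fs-connector", "sql-connector"]}
  },
  "truststores": {
    "trex.ngin.truststore.p12":   {"storepass": "set-me", "aliases": ["fs-connector", "sql-connector"]},
    "trex.cfgmgr.truststore.p12": {"storepass": "set-me", "aliases": ["fs-connector"]}
  }
}
""")

KEYSTORE = "trex.cnn.keystore.p12"
TRUSTSTORES = ("trex.ngin.truststore.p12", "trex.cfgmgr.truststore.p12")


def lint(cfg):
    """Return a list of findings; an empty list means the sections agree."""
    findings = []
    # A connector gets a certificate only when "disabled" is false
    # (accepts both the JSON boolean and the string 'false').
    enabled = {name for name, c in cfg.get("certificates", {}).items()
               if str(c.get("disabled")).lower() == "false"}
    ks = cfg.get("keystores", {}).get(KEYSTORE, {})
    ks_aliases = set(ks.get("aliases", []))
    if not ks.get("storepass"):
        findings.append(f"{KEYSTORE}: storepass is empty")
    for name in sorted(enabled - ks_aliases):
        findings.append(f"{KEYSTORE}: enabled connector '{name}' has no alias")
    for ts_name in TRUSTSTORES:
        ts = cfg.get("truststores", {}).get(ts_name, {})
        if not ts.get("storepass"):
            findings.append(f"{ts_name}: storepass is empty")
        # The truststore connector list should match the keystore list.
        for name in sorted(ks_aliases ^ set(ts.get("aliases", []))):
            findings.append(f"{ts_name}: alias '{name}' does not match keystore list")
    return findings


if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no findings")
```

On the constructed sample this reports the empty keystore password and the connector missing from trex.cfgmgr.truststore.p12, the kind of mismatch that would otherwise surface later as a failed TLS handshake.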