Skip to main content
Version: 25.0.0

Configuring SSL communication

When configuring the Agent for SSL communication, Elasticsearch should be configured as described in the page titled Securing Elasticsearch of the Waratek Portal Dedicated Installation Guide

To enable SSL communication from the Java Agent to Elasticsearch, ensure the waratek.properties file contains the following flag:

com.waratek.ElasticsearchSecure=true

Using Waratek KeyStore

  • The Portal Dedicated is supplied with a Waratek-provided self-signed certificate to enable SSL connection to the service.
  • This is sufficient for testing, but will generate a browser warning when connecting as the certificate won’t match the domain name and IP address of the server.
  • For use in production it is strongly recommended to use a CA issued certificate, as described in the Production Configuration pages of the Waratek Portal Dedicated Installation Guide

If using the Waratek keyStore, do the following:

  1. Copy the MC keyStore, /opt/waratek/waratek-mc-<version-build>/controller.keystore.p12 onto the agent server under the existing Waratek installation. Ideally in a location independent of the agent version or instance configuration(s) (e.g. multiple different references to waratek.properties).

  2. Run the following command (as root user) in the directory in which you copied the keyStore above,  in order to convert the format of keyStore to JKS for the agent-side.

    # Ensuring you reference the correct executable based on your Java vendor. The below example assumes Jrockit as the Java vendor and not HotSpot, J9, etc.
    $ /jrockit_jdk6/jre/bin/keytool -importkeystore -srckeystore controller.keystore.p12 -srcstoretype pkcs12 -srcstorepass password -srcalias controller -destkeystore war_keystore.jks -deststoretype jks -deststorepass password -destalias WaratekMCCert

If the keytool command above fails with the following error;

keytool error: java.io.IOException: parseAlgParameters failed: DER input not an octet string

Please see the Agent on-boarding section with page titled Portal Dedicated On-boarding - SSL keytool error when converting controller.keystore.p12 into Java keyStore.

  1. Edit the appropriate waratek.properties file(s).
com.waratek.trustStore=<absolute_directory_path_to>/war_keystore.jks
# change the value for the password if you done so in previous steps
com.waratek.trustStorePassword=password

Start/Restart Application

Start/restart your application on Waratek and confirm it connects to the MC correctly and shows as “ONLINE” in the MC browser.