Configuring TLS communication
When configuring the Agent for TLS communication, Elasticsearch should be configured as described in the page titled Securing Elasticsearch of the Portal Dedicated Installation Guide.
To enable TLS communication from the Java Agent to Elasticsearch, ensure the waratek.properties file contains the following flag:
com.waratek.ElasticsearchSecure=true
Using KeyStore
- The Portal Dedicated is supplied with a self-signed certificate to enable TLS connection to the service.
- This is sufficient for testing, but will generate a browser warning when connecting, as the certificate won't match the domain name and IP address of the server.
- For use in production, it is strongly recommended to use a CA-issued certificate, as described in the Production Configuration pages of the Portal Dedicated Installation Guide.
If using the supplied keyStore, do the following:
- Ensure you have the PortalDedicatedCert.crt file, which was created in the Agents to use HTTPS step in the page titled Securing Elasticsearch of the Portal Dedicated Installation Guide (when completing the “Milestone 3” steps).
- Execute the following keytool command as sudo to add PortalDedicatedCert.crt to the JDK keystore, specifying the alias and entering the password, as required.
    sudo <jdk>/bin/keytool -import -alias PortalAlias -file PortalDedicatedCert.crt -storetype JKS -keystore war_keystore.jks
  Note: use the keytool that is present at <jdk>/bin/keytool, in the bin directory of the Java JDK that the agent is running with.
  When prompted to Trust this certificate?, enter yes. When successfully added, the following output is logged by the keytool command:
    Certificate was added to keystore
- Edit the appropriate waratek.properties file(s).
    com.waratek.trustStore=<absolute_directory_path_to>/waratek_secure_keystore.jks
    # change the value for the password if you have done so in previous steps
    com.waratek.trustStorePassword=password
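The following preflight check is an added example, not part of the original page or of Waratek's tooling. It reads the three properties named above from a waratek.properties file and reports settings that would stop the Agent from connecting over TLS. The function names `prop` and `check_waratek_tls` are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check of the TLS settings in waratek.properties.
# Property names come from this page; function names are hypothetical.

# prop FILE KEY: print the value of the last uncommented "KEY=value" line.
prop() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
          if (key == k) { v = substr($0, i + 1); sub(/^[ \t]+/, "", v) } }
        END { print v }' "$1"
}

# check_waratek_tls FILE: exit status is the number of blocking problems.
check_waratek_tls() {
    props=$1
    problems=0
    [ -r "$props" ] || { echo "FAIL: cannot read $props"; return 1; }

    if [ "$(prop "$props" com.waratek.ElasticsearchSecure)" != "true" ]; then
        echo "FAIL: com.waratek.ElasticsearchSecure is not set to true"
        problems=$((problems + 1))
    fi

    store=$(prop "$props" com.waratek.trustStore)
    case $store in
        /*) if [ ! -r "$store" ]; then
                echo "FAIL: trust store not readable: $store"
                problems=$((problems + 1))
            fi ;;
        *)  echo "FAIL: com.waratek.trustStore is not an absolute path"
            problems=$((problems + 1)) ;;
    esac

    # "password" is the example value shown on this page.
    if [ "$(prop "$props" com.waratek.trustStorePassword)" = "password" ]; then
        echo "WARN: trust store still uses the example password"
    fi
    # The file stores that password in clear text, so flag world-readable modes.
    if [ -n "$(find "$props" -perm -004 2>/dev/null)" ]; then
        echo "WARN: $props is world-readable"
    fi
    return "$problems"
}

# Run against a file when one is given, e.g.: sh check.sh <path>/waratek.properties
if [ $# -gt 0 ]; then check_waratek_tls "$1"; fi
```

The check does not open the keystore itself; `keytool -list` against the same file remains the way to confirm that the alias was imported.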
Start/Restart Application
Start/restart your application and confirm it connects to the Portal correctly and shows as “ONLINE” in the Portal browser.