Versions Compared

Old Version 40

changes.mady.by.user John McKeever

Saved on

compared with

New Version 41

changes.mady.by.user John McKeever

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

First ensure that you use the keytool command shipped with the Java v1.8 package you downloaded to support MettleCI. You can check your command line’s default keytool using operating-specific commands where keytool

Status
colourBlue
titleWindows
or which keytool
Status
colourYellow
titleUnix
. Verify that the response indicates that you will be using the keytool in the correct bin directory (e.g. in your OpenJDK installation).

...

Please replace the <placeholder-values> in this command based on the following descriptions:

Placeholder

Description

Example Value

path-to-keystore

Full qualified path of the key store to be created

/opt/dm/mci/workbench.p12 (Unix)

C:\dm\mci\workbench.p12 (Windows)

store-password

Password required when reading or writing to the newly created key store

Choose a random password string.

Note that the key stores supplied with Java have a default password of changeit.

host-url

The domain name of the URL that will be used to access Workbench in your browser. This does not include the protocol or port numbers. For example, dev-engine.datamigrators.com

your-engine.yourdomain.com

(no port number)

days-valid

The number of days for which the key should remain valid

Note that the key stores supplied with Java have a default validity of 180 days.

For example, this command creates a keystore called workbench.p12 in the MettleCI home directory for use with workbench currently accessed at URL http://my-engine.datamigrators.com:8080:

Expand
titleWindows
Code Block
languagebash
keytool -genkey -keyalg RSA -alias workbench -keystore C:\dm\mci\workbench.p12
-storepass changeit -storetype PKCS12 -keysize 2048
-sigalg SHA256withRSA -dname "CN=engine.datamigrators.com"
-ext san=dns:engine.datamigrators.com
-validity 365
Info

Note that in the example above you must ensure that engine.datamigrators.com is replaced with the domain name of your DataStage engine, which you can get from the Workbench URL (e.g. mydsengine.acmesandwichmakers.com).

You can verify your keystore by listing the certificates within it. You’ll need to re-enter your keystore password, which is 'changeit' (no quotes) in our example.

Code Block
keytool -list -v -keystore C:\dm\mci\workbench.p12 -storetype PKCS12
Enter keystore password: ********

If you need to export your certificate for signing you can use a command like the following:

Code Block
keytool -certreq -keyalg RSA -alias workbench -keystore C:\dm\mci\workbench.p12
-storepass changeit -sigalg SHA256withRSA -file C:\dm\mci\workbench.csr
Expand
titleUnix
Code Block
languagebash
keytool -genkey -keyalg RSA -alias workbench -keystore /opt/dm/mci/workbench.p12 \
-storepass changeit -storetype PKCS12 -keysize 2048 \
-sigalg SHA256withRSA -dname "CN=engine.datamigrators.com" \
-ext san=dns:engine.datamigrators.com
-validity 365
Info

Note that in the example above you must ensure that engine.datamigrators.com is replaced with the domain name of your DataStage engine, which you can get from the Workbench URL (e.g. mydsengine.acmesandwichmakers.com).

Ensure that your keystore has at least 644 (rw-r--r--) privileges.

Ensure that your keystore is owned by mciworkb:dstage.

You can verify your keystore by listing the certificates within it. You’ll need to re-enter your keystore password, which is 'changeit' (no quotes) in our example above.

Code Block
languagebash
keytool -list -v -keystore /opt/dm/mci/workbench.p12 -storetype PKCS12
Enter keystore password: ********

If you need to export your certificate for signing you can use a command like the following:

Code Block
keytool -certreq -keyalg RSA -alias workbench -keystore /opt/dm/mci/workbench.p12 -storepass changeit \
-sigalg SHA256withRSA -file /opt/dm/mci/workbench.csr

Note that with the exception of keytool -list the keytool command will not normally return a value to the console.

...