Configure SSL to access Collibra DGC

If you want to connect to Collibra Data Governance Center in a secure way with your web browser, you have to use SSL. This procedure explains how you can activate SSL access to Collibra DGC.

Tip For secure communication from Collibra DGC to other services, for example an LDAP server, see Configure the SSL settings.

Important Even with SSL enabled, HTTP traffic is still required, must remain enabled, and occurs as part of the internal communication between Collibra components.

Prerequisites

  • You have knowledge of the JSON syntax.
  • You have created a Java KeyStore according the procedure described by Oracle, for example clientkeystore.
  • You have noted the following data while creating the Java KeyStore:
    • KeyStore file name: clientkeystore in the Oracle example.
    • KeyStore alias: client in the Oracle example.
    • KeyStore password: The password that you entered after executing the command of the first step in the Oracle example.
    • KeyStore alias password: The password that you entered as last step of step 2 in the Oracle example.
  • You have stored the Java KeyStore on the server that hosts the DGC service in the <collibra_data>/dgc/security folder, for example /opt/collibra_data/dgc/security.

Steps

To configure Collibra Data Governance Center for access over SSL, follow these steps:

  1. Open a terminal session on the DGC node.
  2. Open the file <collibra_data>/dgc/config/server.json for editing.
  3. Fill in the following parameters in the httpsConnector section:
    Add string values between double quotes.

    ParameterDescription
    port

    The port on which the HTTPS connector must bind. The value must be higher than 1024 to avoid root permissions.

    Note If you want to use the default SSL port 443, you have to use a reverse proxy.

    keyAliasThe KeyStore alias.
    keyPassThe KeyStore alias password.
    keystorePassThe KeyStore password.
    keystoreFileThe full path to the KeyStore file name, for example /opt/collibra_data/dgc/security/clientkeystore.
    Example  
    "httpsConnector" : {
    "port": 5404,
    "keyAlias": "your-alias",
    "keyPass": "your-password",
    "keystorePass": "your-password",
    "keystoreFile": "/opt/collibra_data/dgc/security/collibradgc.jks" },
}


  4. Save and close the file.
  5. Open the DGC service settings for editing:
  6. Click the General settings section.
  7. Update the Base URL parameter with https and the new port.
  8. Restart the environment.

Connect to your Collibra DGC environment via the Base URL.

Extra

To prevent regular HTTP traffic to Collibra DGC, update the address parameter with the value 127.0.0.1 in <collibra_data>/dgc/config/server.json and restart the environment.

This will not prevent the administration tools, for example Collibra Console, from connecting to Collibra DGC without SSL.

For more information, see the knowledge base on the Collibra Support Portal.