Configure SSL to access Collibra

If you want to connect to Collibra Platform in a secure way with your web browser, you have to use SSL. This procedure explains how you can activate SSL access to Collibra.

Tip For secure communication from Collibra to other services, for example an LDAP server, see Configure the SSL settings.

Important Even with SSL enabled, HTTP traffic is still required, must remain enabled, and occurs as part of the internal communication between Collibra components.

Prerequisites

You have knowledge of the JSON syntax.
You have created a Java KeyStore according the procedure described by Oracle, for example clientkeystore.
You have noted the following data while creating the Java KeyStore:
- KeyStore file name: clientkeystore in the Oracle example.
- KeyStore alias: client in the Oracle example.
- KeyStore password: The password that you entered after executing the command of the first step in the Oracle example.
- KeyStore alias password: The password that you entered as last step of step 2 in the Oracle example.
You have stored the Java KeyStore on the server that hosts the DGC service in the <collibra_data>/dgc/security folder, for example /opt/collibra_data/dgc/security.

Steps

To configure Collibra Platform for access over SSL, follow these steps:

Open a terminal session on the DGC node.
Open the file <collibra_data>/dgc/config/server.json for editing.

Fill in the following parameters in the httpsConnector section:
Add string values between double quotes.

Parameter	Description
port	The port on which the HTTPS connector must bind. The value must be higher than 1024 to avoid root permissions. Note If you want to use the default SSL port 443, you have to use a reverse proxy.
keyAlias	The KeyStore alias.
keyPass	The KeyStore alias password.
keystorePass	The KeyStore password.
keystoreFile	The full path to the KeyStore file name, for example /opt/collibra_data/dgc/security/clientkeystore.
Example "httpsConnector" : { "port": 5404, "keyAlias": "your-alias", "keyPass": "your-password", "keystorePass": "your-password", "keystoreFile": "/opt/collibra_data/dgc/security/collibradgc.jks" }, }

Save and close the file.
Open the DGC service settings for editing:
Click the General settings section.
Update the Base URL parameter with https and the new port.
Restart the environment.

Connect to your Collibra environment via the Base URL.

Extra

To prevent regular HTTP traffic to Collibra, update the address parameter with the value 127.0.0.1 in <collibra_data>/dgc/config/server.json and restart the environment.

This will not prevent the administration tools, for example Collibra Console, from connecting to Collibra without SSL.

For more information, see the knowledge base on the Collibra Support Portal.