Contents x
How to add a certificate chain file for SSL configuration
  • Dark
    Light
Contents

How to add a certificate chain file for SSL configuration

  • Dark
    Light

Overview

This guide describes how to configure your Matillion ETL instance to recognize a certificate chain file to your Matillion SSL Setup. This is often useful if you need it to recognize an intermediate certificate.

Note

As of version 1.69, Matillion ETL's Apache Tomcat version has been updated from 8.5.75 to version 10.1.5.

tomcat8 commands are now tomcat.

Note

Key files for SSL certificate chains must be unencrypted and not password protected.

Apache Tomcat SSL configuration

Here is the configuration parameter: SSLCertificateChainFile

  1. Gain an SSH session and switch to the root user.
  2. Take a backup of the current SSL configuration.
cp -rp /etc/tomcat/localhost.crt /etc/tomcat/localhost.crt.bak

cp -rp /etc/tomcat/localhost.key /etc/tomcat/localhost.key.bak

cp -rp /etc/tomcat/server.xml /etc/tomcat/server.xml.bak
  1. Copy the private key and certificates to the following locations.
cp /your/key/file /etc/tomcat/localhost.key

cp /your/cert/file /etc/tomcat/localhost.crt

cp /your/intermediates/file /etc/tomcat/localhost-chain.crt
  1. Update the file ownership and permissions.
chown tomcat:tomcat /etc/tomcat/localhost*

chmod 775 /etc/tomcat/localhost*
  1. Locate and edit the following section:
<Connector SSLCertificateFile="${catalina.base}/conf/localhost.crt" SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" SSLEnabled="true" clientAuth="false" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" scheme="https" secure="true" sslProtocol="TLS">
  1. Make the following changes to add an SSLCertificateChainFile property and value (and point to your chainfile):
<Connector SSLCertificateFile="${catalina.base}/conf/localhost.crt" SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" SSLCertificateChainFile="/path/to/ChainFile" SSLEnabled="true" clientAuth="false" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" scheme="https" secure="true" sslProtocol="TLS"/>
  1. Restart tomcat.
systemctl restart tomcat

  1. Validate the connection to the Matillion ETL HTTPS endpoint.

  2. Check the file /var/log/tomcat/catalina.out for any errors.

Video

The below video produced by our solution architects team also references certificate chain files.

What's Next

Cookie consent

We use our own and third-party cookies to understand how you interact with our knowledge base. This helps us show you more relevant content based on your browsing and navigation history.