SSL Configuration FAQ
Overview
This article is designed to help you troubleshoot some of the typical errors that you may encounter while configuring SSL for Matillion ETL.
Matillion will continue to add to and update the information in this article to help you investigate, diagnose, and fix any issues. If you cannot find the answer to your question here, please visit our Getting Support page.
Where is the private key stored?
The private key is stored on the Matillion ETL server at:
/etc/tomcat/localhost.key
Where is the certificate stored?
The SSL certificate is stored on the Matillion ETL server at:
/etc/tomcat/localhost.crt
Where is the Java keystore?
The Java keystore is stored on the Matillion ETL server at:
/usr/lib/jvm/jre/lib/security/cacerts
When creating the Certificate Signing Request, do I need to specify a Subject Alternative Name?
Yes, you do. Some of the major browsers no longer require a Common Name (CN) but do require a Subject Alternative Name (SAN).
How do I create a Certificate Signing Request with a SAN in it?
To create a Certificate Signing Request (CSR) with a Subject Alternative Name (SAN), follow these steps.
- Log in to the Matillion ETL server.
- Go to /tmp, or any other directory you have created for this purpose.
- Create a file named san.cnf containing the following information, substituting your own information for each value:
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (e.g. your company)
commonName = Common Name (e.g. server FQDN or YOUR name)
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = additional DNS
DNS.2 = additional DNS
DNS.3 = additional DNS
In the [alt_names] section, enter any additional DNS names you are using.
- Save the file.
- Execute the following OpenSSL command:
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf
This will create the sslcert.csr and private.key files in the present working directory.
- Send sslcert.csr to your certificate signing authority so they can provide you with a certificate that includes the SAN.
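Before sending the CSR, it is worth confirming that the SAN entries actually made it into the request. The script below is an added example, not part of the original Matillion article: it runs the same openssl command against a non-interactive variant of san.cnf and then inspects the resulting CSR. The `prompt = no` setting, the function names, and the example.com hostnames are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build a CSR from san.cnf, then check it before sending it
# to the certificate authority. All hostnames are constructed sample values.

# Write a non-interactive variant of the page's san.cnf into directory $1.
# "prompt = no" makes openssl take the DN values from the file as written.
write_san_cnf() {
    cat > "$1/san.cnf" <<'EOF'
[ req ]
default_bits = 2048
prompt = no
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = GB
organizationName = Example Org
commonName = etl.example.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = etl.example.com
DNS.2 = etl-internal.example.com
EOF
}

# Run the page's openssl command inside directory $1.
# -nodes writes private.key unencrypted, so the umask keeps new files
# readable by the current user only (the subshell limits its scope).
make_csr() {
    ( cd "$1" && umask 077 &&
      openssl req -out sslcert.csr -newkey rsa:2048 -nodes \
          -keyout private.key -config san.cnf 2>/dev/null )
}

# Print the DNS SAN entries of CSR file $1, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the CSR self-signature verifies and SAN $2 is present.
# The verify message is matched as text because older openssl releases
# exit 0 even when verification fails.
csr_has_san() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    csr_sans "$1" | grep -qxF "$2"
}
```

Run `csr_has_san sslcert.csr <hostname>` for each hostname users will type into the browser; a name missing from the CSR will also be missing from the issued certificate.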