If you deployed Hybrid Data Pipeline with Docker, you must redeploy the server on Docker using the new server certificate. The SSL certificate you use has different requirements, depending on whether you are using a load balancer.

Non-load balancer deployment

A new CA certificate. For non-load balancer deployments, the full certificate chain must be provided in x509 PEM file format. See SSL configuration (non-load balancer) for details.

Load balancer deployment

A new CA certificate

  • The load balancer must be configured to use the new certificate. Refer to your load balancer vendor documentation for information. See also Load balancer configuration.
  • The server requires only the public certificate to communicate with the load balancer. The certificate file must be in x509 PEM, x509 DER, or binary DER formats to successfully run the shell script. See SSL configuration (load balancer) for details.

After preparing the SSL certificate, you may take the following steps to update the Docker deployment of Hybrid Data Pipeline.

  1. Follow the Docker deployment steps described in Docker deployment steps.
    Important: The hdpdeploy.properties file must specify your new certificate.
  2. If you are using a load balancer, configure the load balancer with the new server certificate issued by the CA (certificate authority).
  3. Update certificate information for the following components as needed.
    Note: The ddcloudTrustStore.jks and ddcloud.pem files are available in the redist folder of the shared file directory.

    JDBC driver

    1. Copy and rename the updated ddcloudTrustStore.jks to trustStore.jks.
    2. Replace the TrustStore file in the JDBC driver installation directory jdbc_install_dir/SSLCertificates/trustStore.jks with the updated version.

    ODBC driver

    1. Copy and rename the updated ddcloud.pem to sslcertificates.pem.
    2. Replace the PEM file in the ODBC driver installation directory odbc_install_dir/sslcertificates/sslcertificates.pem with the updated version.

    On-Premises Connector

    Note: The On-Premises Connector TrustStore must be updated only if you are using a certificate from a less-well-known CA.
    1. Replace the TrustStore file in the On-Premises Connector installation directory opc_install_dir/OPDAS/ConfigTool/ddcloudTrustStore.jks with the updated version.
    2. Restart the On-Premises Connector.
      1. Select Stop Services from the Progress DataDirect Hybrid Data Pipeline On-Premises Connector program group.
      2. After the service has stopped, select Start Services from the Progress DataDirect Hybrid Data Pipeline On-Premises Connector program group.
      3. Select Configuration Tool from the Progress DataDirect Hybrid Data Pipeline On-Premises Connector program group.
      4. Select the Status tab and click Test to verify that the On-Premises Connector configuration is connecting to the Hybrid Data Pipeline server.
    3. Repeat steps a-b for each On-Premises Connector connecting to the server.