For Hybrid Data Pipeline versions 4.6.1.1930 or earlier deployed on Linux, the client-side SSL certificate may be updated manually for load balancer deployments. This client-side SSL certificate is used for SSL termination at the load balancer and must be configured on the load balancer. If you are using Hybrid Data Pipeline components that communicate with the load balancer (such as the On-Premises Connector, the ODBC driver, or the JDBC driver), the SSL certificate information for these components must in turn be updated.

Note: To update server-side SSL certificates, you take the same steps used for configuring server-side SSL. See SSL configuration (load balancer) for details.

Take the following steps to update a Hybrid Data Pipeline environment with a new server certificate.

  1. Configure the load balancer with the new server certificate issued by the CA (certificate authority).
  2. Generate the PEM file ddcloud.pem server certificate from the new server certificate.
    • Option 1. If working from a PEM file, execute the following commands.
      openssl crl2pkcs7 -nocrl -certfile <cert_file_path>/newcert.pem
      openssl pkcs7 -print_certs -out ddcloud.pem
    • Option 2. If working from a file in DER encoded binary X.509 file format (such as a .cert, .cer or .crt file), execute the following command.
      openssl x509 -inform der -in newcert.cer -out ddcloud.pem
  3. Replace the ddcloud.pem in the shared file location <key_location>/redist with the new ddcloud.pem you created in Step 2. For example:
    cp ddcloud.pem <key_location>/redist/ddcloud.pem
    Note: The key location directory is specified during installation or upgrade of the Hybrid Data Pipeline server. The key location can be found in the update.properties file in the installation directory of any server node.
  4. Create the TrustStore ddcloudTrustStore.jks by executing the following command.
    <hdp_install_dir>/jre/bin/keytool -importcert -file ddcloud.pem
   -keystore ddcloudTrustStore.jks -storetype JKS -storepass datadirect
   -noprompt
  5. Replace the ddcloudTrustStore.jks in the shared file location <key_location>/redist with the new ddcloudTrustStore.jks you created in Step 4. For example:
    cp ddcloudTrustStore.jks <key_location>/redist/ddcloudTrustStore.jks
    Note: The key location directory is specified during installation or upgrade of the Hybrid Data Pipeline server. The key location can be found in the update.properties file in the installation directory of any server node.
  6. Update the certificate information for Hybrid Data Pipeline components.

    ODBC driver

    a. Rename the ddcloud.pem file you created in Step 2 to sslcertificates.pem.

    b. Replace the sslcertificates.pem in the ODBC installation directory with the new sslcertificates.pem you created in the previous step. For example:
    cp sslcertificates.pem <odbc_install_dir>/sslcertificates.pem

    JDBC driver

    Import the ddcloud.pem file you created in Step 2 into the JDBC truststore trustStore.jks located in the JDBC installation directory. For example: 
    <hdp_jdbc_install_dir>/jre/bin/keytool -importcert -file ddcloud.pem
   -keystore <hdp_jdbc_install_dir>/SSLCertificates/trustStore.jks
   -storetype JKS -storepass datadirect -noprompt

    On-Premises Connector

    a. Import the ddcloud.pem file you created in Step 2 into the On-Premises Connector truststore ddcloudTrustStore.jks located in the On-Premises Connector installation directory. For example:
    <hdp_opc_install_dir>/jre/bin/keytool -importcert -file ddcloud.pem
   -keystore <hdp_opc_install_dir>\OPDAS\ConfigTool\ddcloudTrustStore.jks
   -storetype JKS -storepass datadirect -noprompt
    b. Restart the On-Premises Connector.
    • Select Stop Services from the Progress DataDirect Hybrid Data Pipeline On-Premises Connector program group.
    • After the service has stopped, select Start Services from the Progress DataDirect Hybrid Data Pipeline On-Premises Connector program group.
    • Select Configuration Tool from the Progress DataDirect Hybrid Data Pipeline On-Premises Connector program group.
    • Select the Status tab and click Test to verify that the On-Premises Connector configuration is correct.
  7. Test connectivity to Hybrid Data Pipeline data sources.