Progress DataDirect Hybrid Data Pipeline Deployment Guide Release 5.0.0

Importing data store SSL certificates

Save PDF

Importing data store SSL certificates

Save PDF

Last Updated: August 29, 2025
3 minute read

Hybrid Data Pipeline
Version 5.0
Documentation

The Hybrid Data Pipeline server and On-Premises Connector use a JVM at runtime. When connecting to a data store secured with a less-well-known certificate, you must import the certificate into the truststore of the JVM used at runtime. See the following sections for step-by-step instructions.

Importing certificates into the Hybrid Data Pipeline server JVM truststore
Importing certificates into the On-Premises Connector JVM truststore

Importing certificates into the Hybrid Data Pipeline server JVM truststore

Before you begin, consider reviewing the certificates in the JVM truststore. To view the certificates in the truststore, navigate to the truststore directory and use the keytool utility to list supported certificates. For example:

JAVA_HOME/bin/keytool -list -v -keystore key_location/ddcloudTrustStore.jks

If you are using a certificate that is not in the truststore, the truststore must be updated in the key location (or shared file location). For a non-load balancer deployment, the default key location may be retained, or a key location may be specified during installation. For a load balancer deployment, a key location must be specified.

JVM truststore default location (non-load balancer deployment only): hdp_install_dir/ddcloud/keystore/ddcloudTrustStore.jks, where hdp_install_dir is the Hybrid Data Pipeline installation directory.
JVM truststore user-specified location: key_location/ddcloudTrustStore.jks, where key_location is the location of the key location specified by the user during installation.

Important: To enable server-side SSL on Linux deployments, the enable_ssl.sh script must be run. This script rebuilds the truststore from the wildcard node certificate file you provide, and it does not reintegrate manually imported data store certificates. Therefore, if you run the script after importing data store certificates, you must reimport these certificates. You must also reimport data store certificates when updating the Hybrid Data Pipeline SSL server certificate. For more information, see SSL configuration (load balancer) and Updating SSL certificates.

Take the following steps to import an SSL certificate into the Hybrid Data Pipeline server JVM truststore:

From your console, navigate to the JVM trustore directory. For example:
```
cd key_location
```
Use the keytool to import the certificate file. In the following example, the certificate file is in the PEM file format.
```
JAVA_HOME/bin/keytool -importcert -file full_path/selfsignedcert.pem
   -keystore key_location/ddcloudTrustStore.jks -storetype JKS -storepass datadirect
```
Note: The default password for the JVM truststore included with the Hybrid Data Pipeline server is datadirect.
Restart the Hybrid Data Pipeline service. For cluster deployments, restart the service on each node in the cluster.
1. Run the stop service script.
```
./install_dir/ddcloud/stop.sh
```
  Note: Shutting down Hybrid Data Pipeline can take a few minutes. Wait until you see the Shutdown complete message displayed on the console before taking any additional actions.
2. Run the start service script.
```
./install_dir/ddcloud/start.sh
```
Test connectivity to the data store by setting up a Hybrid Data Pipeline data source and running a query against it.

Importing certificates into the On-Premises Connector JVM truststore

If you are connecting to an on-premises data store with the On-Premises Connector, you must update the truststore of any On-Premises Connector used to connect to the data store. The On-Premises Connector truststore is located in the cacerts directory. For example:

jre_install_dir\jre\lib\security\cacerts

where jre_install_dir is the installation directory of the JRE used for the operation of the On-Premises Connector.

Important: You must reimport data store certificates when updating the Hybrid Data Pipeline SSL server certificate. For more information, see Updating SSL certificates.

Take the following steps to import an SSL certificate into the On-Premises Connector JVM truststore:

From your console, navigate to the JVM truststore directory. For example:
```
cd opc_install_dir\OPDAS\ConfigTool\ddcloudTrustStore.jks
```
Use the keytool to import the certificate file. In the following example, the certificate file is in the PEM file format.
```
JAVA_HOME\bin\keytool -importcert -file full_path/selfsignedcert.pem
   -keystore ddcloudTrustStore.jks -storetype JKS
```
Restart the On-Premises Connector.
1. Select Stop Services from the Progress DataDirect Hybrid Data Pipeline On-Premises Connector program group.
2. After the service has stopped, select Start Services from the Progress DataDirect Hybrid Data Pipeline On-Premises Connector program group.
3. Select Configuration Tool from the Progress DataDirect Hybrid Data Pipeline On-Premises Connector program group.
4. Select the Status tab and click Test to verify that the On-Premises Connector configuration is correct.
Optional. Follow steps 1-3 for each On-Premises Connector used to connect to the data store.
Test connectivity to the data store by setting up a Hybrid Data Pipeline data source and running a query against it.