For more information on Transformation Hub destination, see Transformation Hub Destinations.
To set a TH Destination from Logger using TLS and FIPS, go to System Admin > Security > FIPS 140-2 and confirm the FIPS mode is turned on. Otherwise, make sure to mark the Enable option, click Save, and then restart the system.
On the Logger Server
Set the variables for the static values (used by keytool), and create the stores directory.
| Action | Command |
|---|---|
| Locate the OBC. |
Software:
Appliance:
|
| Set the Bouncy Castle certificate. | export BC_OPTS="-storetype BCFKS -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ${CURRENT}/lib/agent/fips/bc-fips-1.0.2.jar -J-Djava.security.egd=file:/dev/urandom" |
| Set an alias for the Transformation Hub. Add an unique name to identify your TH. | export TH=<Transformation Hub hostname>_<Transformation Hub port>
|
| Set the directory to place the certificates. | export STORES=${CURRENT}/user/agent/stores
|
| Establish the certificate | export CA_CERT=ca.cert.pem
|
| Set a password for the certificates. | export STORE_PASSWD=changeit
|
| Create the stores directory. | mkdir -p ${STORES}
|
On the Transformation Hub Master
${K8S_HOME}/scripts/cdf-updateRE.sh > /tmp/ca.cert.pem
${STORES} directory created in Logger.Delete the certificate in TH:
rm /tmp/ca.cert.pem
On the Logger Server
${CURRENT} folder and note the truststore path:${CURRENT}/jre/bin/keytool ${BC_OPTS} -importcert -file ${STORES}/${CA_CERT} -alias CA_{TH} -keystore ${STORES}/${TH}.truststore.bcfips -storepass ${STORE_PASSWD}
echo ${STORES}/${TH}.truststore.bcfips
Remove the ${CA_CERT} file from Logger:
rm ${STORES}/${CA_CERT}
Follow the steps described in To create a TH Destination Make sure to fill out the following fields as described below:
| Parameter field | Action |
|---|---|
|
Use SSL/TLS |
Set to true. |
|
SSL/TLS Trust Store file |
Add the |
|
SSL/TLS Trust Store password |
Enter the password you set for the trust store. |