Setting a TH Destination using only TLS

For more information on Transformation Hub destinations, see Transformation Hub Destinations.

To set a TH Destination from Logger using TLS, go to System Admin > Security > FIPS 140-2 and confirm that FIPS mode is turned off. If it is on, select the Disable option, click Save, and then restart the system.

Caution: Before making any change in the Logger UI, you need access to both the Transformation Hub Master and Logger machines. Keep both sessions open (TH and Logger) while adding the destination.

Step 1: Generate a certificate in the Transformation Hub Master

On the Logger Server

  1. Set the environment variables for the static values used by keytool, and create the stores directory. For each action, run the command shown:

    Locate the OBC.

        Software:

        export CURRENT=<Logger install dir>/current/arcsight/connector/current

        Appliance:

        export CURRENT=/opt/arcsight/connector/current

    Set an alias for the Transformation Hub. Add a unique name to identify your TH.

        export TH=<Transformation Hub hostname>_<Transformation Hub port>

    Set the directory to place the certificates.

        export STORES=${CURRENT}/user/agent/stores

    Establish the certificate.

        export CA_CERT=ca.cert.pem

    Set a password for the certificates.

        export STORE_PASSWD=changeit

    Create the stores directory.

        mkdir -p ${STORES}

On the Transformation Hub Master

  1. Create the certificate:

    export CA_CERT=/tmp/ca.cert.pem

    ${K8S_HOME}/scripts/cdf-updateRE.sh > ${CA_CERT}

  2. Copy the file to the ${STORES} directory created in Logger.
  3. Delete the certificate in Transformation Hub:

    rm /tmp/ca.cert.pem

Step 2: Import the certificates to Logger Server

  1. Import the certificate to the trust store in the ${CURRENT} folder and note the truststore path:

    ${CURRENT}/jre/bin/keytool -importcert -file ${STORES}/${CA_CERT} -alias CARoot -keystore ${STORES}/${TH}.truststore.jks -storepass ${STORE_PASSWD}

    echo ${STORES}/${TH}.truststore.jks

  2. Remove the ${CA_CERT} file from Logger:

    rm ${STORES}/${CA_CERT}
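
Because the CA file is copied between machines and then trusted for every TLS connection to the Transformation Hub, it is worth comparing its SHA-256 fingerprint with the value read on the TH Master, both before the import and after it. The following is an added example, not part of the original procedure or the product's own tooling: the function names are hypothetical, it assumes the Step 1 variables are still exported on the Logger server, and it assumes the reference fingerprint was read on the TH Master (for instance with openssl, if installed there).

```shell
# Added example (not from the product documentation); function names are hypothetical.
# Assumes the Step 1 variables CURRENT, STORES, TH, CA_CERT and STORE_PASSWD are exported.
# Reference value: SHA-256 fingerprint read on the TH Master, e.g. (assuming openssl there):
#   openssl x509 -noout -fingerprint -sha256 -in /tmp/ca.cert.pem

# Reduce a fingerprint line from either tool to bare uppercase hex:
#   keytool: "  SHA256: AA:BB:..."    openssl: "sha256 Fingerprint=AA:BB:..."
norm_fp() {
    printf '%s' "$1" |
        sed -e 's/[[:space:]]*$//' -e 's/^.*[[:space:]=]//' |
        tr -d ':\r\n' | tr 'a-f' 'A-F'
}

# True only when both values are the same 64-hex-digit (SHA-256) fingerprint.
# A SHA-1 line, an empty value, or a file holding several certificates fails the length test.
same_fp() {
    a=$(norm_fp "$1"); b=$(norm_fp "$2")
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ] && ! printf '%s' "$a" | grep -q '[^0-9A-F]'
}

# Fingerprint of the copied PEM file, read with Logger's bundled keytool.
file_fp() {
    "${CURRENT}/jre/bin/keytool" -printcert -file "${STORES}/${CA_CERT}" | grep 'SHA256:'
}

# Fingerprint of the entry stored under alias CARoot in the trust store.
store_fp() {
    "${CURRENT}/jre/bin/keytool" -list -v -alias CARoot \
        -keystore "${STORES}/${TH}.truststore.jks" -storepass "${STORE_PASSWD}" |
        grep 'SHA256:'
}

# verify_ca file  FINGERPRINT   run before -importcert, while the PEM file still exists
# verify_ca store FINGERPRINT   run after -importcert
verify_ca() {
    case "$1" in
        file)  got=$(file_fp) ;;
        store) got=$(store_fp) ;;
        *)     echo "usage: verify_ca file|store FINGERPRINT" >&2; return 2 ;;
    esac
    if same_fp "$2" "$got"; then
        echo "OK: $1 fingerprint matches the TH Master value"
    else
        echo "MISMATCH: $1 does not match the TH Master value" >&2; return 1
    fi
}
```

Run `verify_ca file` before answering keytool's trust prompt and `verify_ca store` once the import has finished; a non-zero exit status means the trust store should not be used for the destination.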

Step 3: Set Logger UI

Follow the steps described in To create a TH Destination. Make sure to fill out the following fields as described below:

Parameter field                 Action
Use SSL/TLS                     Set to true.
SSL/TLS Trust Store file        Add the ${TH}.truststore.jks file path.
SSL/TLS Trust Store password    Enter the password you set for the trust store.