TLS/SSL Setup and Configuration for the Rule Engine
Prerequisites
A generated Java Keystore is required for each deployed node in your Flink cluster. See: https://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html
Getting Started
The Rule Engine uses Apache Flink as its distributed stream and batch data processing platform. Apache Flink provides the following information about how to setup and configure SSL. See: https://ci.apache.org/projects/flink/flink-docs-release-1.3/setup/security-ssl.html
Configuring the Backend
plugin.properties -<Automic>/awi/config/webui-plugin-analytics
The following flag should be configured:
backend.endpoint=https://{hostname}:8443
application.properties - <Automic>/Automation.Platform/Analytics/backend
The following flags should be configured in the SSL Configuration section:
########################
SSL Configuration
########################
#By enabling the server.ssl.* settings the Backend will only accept HTTPS connections. #An unsecure HTTP connection will be automatically disabled. Change the port to 8443 if required by setting.
#server.port=8443
#Path to the key store that holds the TLS/SSL certificate (typically a JKS file).
#server.ssl.key-store=/path/to/keystore.jks
#Password used to access the key store.
#server.ssl.key-store-password=
#Password used to access the key in the key store.
#server.ssl.key-password=
Two flags can be used to configure TLS/SSL when connecting to Flink.
To enable TLS/SSL in Flink, set the following flag:
flink.use_ssl=true
To allow self-signed certificates, set the following flag:
flink.disable_self_signed_certificates=false