TLS/SSL Setup and Configuration for the Rule Engine

Prerequisites

A generated Java Keystore is required for each deployed node in your Flink cluster. See: https://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html

Getting Started

The Rule Engine uses Apache Flink as its distributed stream and batch data processing platform. The Apache Flink documentation describes how to set up and configure SSL. See: https://ci.apache.org/projects/flink/flink-docs-release-1.3/setup/security-ssl.html

Configuring the Backend

plugin.properties - <Automic>/awi/config/webui-plugin-analytics

The following flag should be configured:

backend.endpoint=https://{hostname}:8443

application.properties - <Automic>/Automation.Platform/Analytics/backend

The following flags should be configured in the SSL Configuration section:

########################
# SSL Configuration
########################

#By enabling the server.ssl.* settings the Backend will only accept HTTPS connections.
#An unsecure HTTP connection will be automatically disabled. Change the port to 8443 if required by setting.

#server.port=8443

#Path to the key store that holds the TLS/SSL certificate (typically a JKS file).

#server.ssl.key-store=/path/to/keystore.jks

#Password used to access the key store.

#server.ssl.key-store-password=

#Password used to access the key in the key store.

#server.ssl.key-password=

Two flags can be used to configure TLS/SSL when connecting to Flink.

To enable TLS/SSL in Flink, set the following flag:

flink.use_ssl=true

To allow self-signed certificates, set the following flag:

flink.disable_self_signed_certificates=false
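
The server.ssl.* settings above are shown commented out, so a file left in that state never switches the Backend to HTTPS. The following check is an added example, not part of the product or of the original page. It reads both property files and reports settings that are still commented out or empty, a backend.endpoint that does not match, and whether self-signed certificates are accepted for Flink. It assumes the flink.* flags live in application.properties; the hostname and password values are constructed placeholders.

```python
from urllib.parse import urlsplit

def parse_properties(text):
    """Active key=value pairs only; lines starting with # are comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_tls_config(application_text, plugin_text):
    """Findings for the backend and Flink TLS settings named on this page."""
    app, plugin = parse_properties(application_text), parse_properties(plugin_text)
    findings = []
    for key in ("server.ssl.key-store", "server.ssl.key-store-password",
                "server.ssl.key-password"):
        if not app.get(key):
            findings.append(f"{key} is commented out or empty")
    endpoint = urlsplit(plugin.get("backend.endpoint", ""))
    if endpoint.scheme != "https":
        findings.append("backend.endpoint does not use https")
    port = app.get("server.port")  # default port is not stated on the page
    if port and endpoint.port is not None and str(endpoint.port) != port:
        findings.append(f"backend.endpoint port {endpoint.port} != server.port {port}")
    if app.get("flink.use_ssl", "").lower() != "true":
        findings.append("flink.use_ssl is not true")
    if app.get("flink.disable_self_signed_certificates", "").lower() == "false":
        findings.append("self-signed certificates are allowed for Flink")
    return findings

# Constructed sample inputs; hostname and passwords are placeholders.
PLUGIN = "backend.endpoint=https://analytics.example.test:8443\n"
AS_SHIPPED = """\
#server.port=8443
#server.ssl.key-store=/path/to/keystore.jks
#server.ssl.key-store-password=
#server.ssl.key-password=
flink.use_ssl=true
flink.disable_self_signed_certificates=false
"""
ENABLED = AS_SHIPPED.replace("#", "").replace("password=", "password=CHANGE_ME")

if __name__ == "__main__":
    for name, text in (("as shipped", AS_SHIPPED), ("enabled", ENABLED)):
        print(name, check_tls_config(text, PLUGIN))
```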