Import Security Certificates to Clients
When you use custom, special, or self-signed security certificates to secure the Hadoop cluster, Informatica clients that connect to the cluster require these certificates to be present in the client machine truststore.
To connect to the Hadoop cluster to develop a mapping, the Developer tool requires security certificate aliases on the machine that hosts the Developer tool. To run a mapping, the machine that hosts the Data Integration Service requires these same certificate alias files.
Perform the following steps from the Developer tool host machine, and then repeat them from the Data Integration Service host machine:
1. Run the following command to export the certificates from the cluster:
keytool -export -alias <alias name> -keystore <custom.truststore file location> -file <exported certificate file location> -storepass <password>
For example,
<java home>/jre/bin/keytool -export -alias <alias name> -keystore ~/custom.truststore -file ~/exported.cer
The command produces a certificate file.
2. Determine whether the domain is SSL-enabled.
- If the domain is SSL-enabled, import the certificate alias file to the following locations:
  - The client truststore at the location <Informatica installation directory>\clients\DeveloperClient\shared\security\infa_truststore.jks.
  - The domain truststore at the location <Informatica installation directory>/services/shared/security/infa_truststore.jks.
- If the domain is not SSL-enabled, copy the exported certificate file to the client machine, and then run the following command to import the certificate file to the Java cacerts truststore:
keytool -import -trustcacerts -alias <alias name> -file <exported certificate file location> -keystore <java cacerts location> -storepass <password>
For example,
<java home>/jre/bin/keytool -import -alias <alias name> -file ~/exported.cer -keystore <Informatica installation directory>/java/jre/lib/security/cacerts
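Importing a certificate into a truststore makes the client trust it, so confirm on each host that the copied file is the certificate the cluster administrator exported before you run the import. The following script is an added example, not part of the Informatica documentation: it computes the SHA-256 fingerprint of the exported file in the colon-separated form that keytool -printcert displays and compares it to a fingerprint obtained separately from the administrator. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import sys

# Constructed stand-in bytes for the demo, not a real certificate.
SAMPLE_DER = b"abc"
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def der_bytes(data: bytes) -> bytes:
    """Return the DER encoding. keytool -export writes DER unless -rfc is used."""
    if b"-----BEGIN" not in data:
        return data  # already binary DER
    blocks = PEM_BLOCK.findall(data)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    return base64.b64decode(b"".join(blocks[0].split()), validate=True)


def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER bytes, formatted as AA:BB:... like keytool."""
    digest = hashlib.sha256(der_bytes(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> bytes:
    """Drop colons and whitespace so pasted fingerprints compare cleanly."""
    return re.sub(r"[:\s]", "", fp).upper().encode()


def matches(data: bytes, expected: str) -> bool:
    """True only if the file's fingerprint equals the expected one."""
    return hmac.compare_digest(normalize(fingerprint(data)), normalize(expected))


if __name__ == "__main__":
    # Usage: python check_cert.py <exported certificate file> <expected fingerprint>
    with open(sys.argv[1], "rb") as fh:
        ok = matches(fh.read(), sys.argv[2])
    print("fingerprint OK" if ok else "MISMATCH: do not import")
    sys.exit(0 if ok else 1)
```

Run it on the Developer tool host and again on the Data Integration Service host; a nonzero exit status means the file differs from the certificate that was exported.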