Configuring Enterprise Data Catalog Agent for SSL
By default, the Enterprise Data Catalog agent does not communicate over a secure connection. You must use a CA-signed or self-signed certificate to enable SSL for the Enterprise Data Catalog agent. Also, you must modify the Setup.bat script for the script to work as expected. Perform the following steps to enable the agent for SSL:
1. Obtain a CA-signed certificate or create a new self-signed certificate using the following command: .
keytool -genkey -keyalg RSA -alias edcagent -keystore agent_keystore.jks -storepass <keystore password> -validity 365 -keysize 2048
2. Modify the Setup.bat file and replace the reference to the MMConfiguration.jar file in the last line with *.
3. Run the Setup.bat script using the following command to install the Enterprise Data Catalog agent as a Windows service and set up the service to use the specified SSL certificate.
.\Setup.bat -s true -sc agent_keystore.jks -sp <keystore password> --tomcat-service true
Parameter | Description |
|---|
-s | Set true or false to enable or disable SSL. |
-sc | Specify the X.509 file containing the SSL certificate. |
-sp | Specify the password for the SSL key file. |
--tomcat-service | Set true or false to install or remove tomcat as a service |
Note: To view the list of parameters that can be used with the script, run .\Setup.bat --help.
The agent is started and can only accept https connections. Scanners that use the agent must be configured to use the https URL for the agent.
Important: If you use Enterprise Data Catalog agent with SAP BO, you must launch the agent as a regular desktop application, not as a service. To launch the agent as a desktop application, run the RestartServerApplication.bat script.