Configuring SSL for Helix Artifacts (Optional)

Note

You must be an admin or super user to configure Helix Artifacts.

This section describes how to secure your Helix Artifacts communications over SSL using the HTTPS protocol. This involves creating a Java keystore with a valid SSL certificate.

To secure Helix Artifacts with HTTPS SSL access:

  1. Create a CSR and private key with the following command:
  2. openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

  3. Provide answers to the questions about your organization and the domain you are installing the Helix Artifacts service on.
  4. Send the CSR to your Certificate provider to create a valid certificate and Chained Authority.
  5. View an existing CSR with the following command:
  6. openssl req -text -noout -verify -in server.csr

  7. Add the certificate to a java keystore and bundle any chained authority. For example with the following:
    • Certificate example.com.crt
    • Chained authority CA.crt
    • Private key server.key:

  8. Combine your machines certificate and private key to produce a PK12 formatted file:
  9. openssl pkcs12 -export -in example.com.crt -inkey server.key -name example.com -out example.com.p12
    Enter [password]

  10. Create/Add the PK12 file to the Java keystore:
  11. keytool -importkeystore -deststorepass [password] -destkeystore keystore.jks -srckeystore example.com.p12 -srcstoretype PKCS12
    Enter [password]

  12. Bundle the CA.crt:
  13. keytool -import -alias bundle -trustcacerts -file CA.crt -keystore keystore.jks
    Enter [password]

  14. Migrate to PKCS12:
  15. keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12
    Enter [password]

  16. Copy the keystore to suitable location and check the file permissions, for example:

    • Windows: c:\Program Files\Perforce
    • Linux: /opt/perforce
  17. Make a note of the keystore location and password for use during the configuration of Helix Artifacts.
  18. Configure the Java Keystore Location, password, and switch to https, see Configuring the micro-services:
  19. Restart the Helix Artifacts service.
  20. Helix Artifacts is now configured for https.