
Certificate management and remote connections

Overview

In a remote connection, the server is the Delphix engine and the client is the remote host. Server and client authentication can be used for SnapSync, Oracle V2P (Virtual to Physical), and remote host connections. Once either of these options is enabled, the steps for adding a certificate must be completed for all environments in the engine.

Enabling server authentication 

To enable server authentication, follow the steps below:

  1. Replace the desired certificate for DSP (Delphix Session Protocol) in the engine KeyStore. For more details, refer to KeyStore Settings.

  2. Create a JKS or PKCS#12 keystore on the remote host with the full CA chain of the replaced certificate. Make sure the created keystore has permissions such that it is readable by all environment users configured in Delphix, and enter the keystore details into the host’s truststore configuration on the engine. For more details, refer to Host DSP Configuration.

  3. Select Perform server (this engine) authorization for remote connections.

Altering the authentication settings requires DSP keystore and truststore parameters to be configured for all existing environments; otherwise, refreshing existing host environments will fail.
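One way to carry out step 2 on a Unix remote host, shown as an added example that is not Delphix-provided tooling: it imports each certificate of a PEM chain into a PKCS#12 truststore under its own alias and makes the file readable by all environment users. The file names `chain.pem` and `dsp-truststore.p12`, the `dsp-ca-N` aliases and the `TS_PASS` environment variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example: build the remote host's PKCS#12 truststore from a CA chain.
# chain.pem, dsp-truststore.p12, dsp-ca-N and TS_PASS are hypothetical names.

# Split a PEM bundle ($1) into one file per certificate (cert-1.pem, ...)
# inside directory $2 and print how many certificates were written.
split_chain() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# Import every certificate of the chain under its own alias, then make the
# store readable by all environment users (it holds only public CA certs).
build_truststore() {
    chain=$1; store=$2
    # The password is read from the environment so it never appears in argv.
    : "${TS_PASS:?export TS_PASS with the truststore password}"
    tmp=$(mktemp -d) || return 1
    count=$(split_chain "$chain" "$tmp")
    if [ "$count" -eq 0 ]; then
        echo "no certificates found in $chain" >&2; rm -rf "$tmp"; return 1
    fi
    i=1
    while [ "$i" -le "$count" ]; do
        keytool -importcert -noprompt -alias "dsp-ca-$i" \
            -file "$tmp/cert-$i.pem" -keystore "$store" \
            -storetype PKCS12 -storepass:env TS_PASS || { rm -rf "$tmp"; return 1; }
        i=$((i + 1))
    done
    rm -rf "$tmp"
    chmod 644 "$store"
    # List the entries so the operator can confirm the whole chain is present.
    keytool -list -keystore "$store" -storetype PKCS12 -storepass:env TS_PASS
}

# Runs only when called with two arguments, for example:
#   TS_PASS=... ./build-truststore.sh chain.pem dsp-truststore.p12
if [ "$#" -eq 2 ]; then
    build_truststore "$1" "$2"
fi
```

The number of entries listed at the end should equal the number of certificates in the chain; the resulting path and password are what go into the host’s truststore configuration on the engine.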

Enabling client authentication

1. DSP connector (for both Windows and Unix hosts)

To enable client authentication using the DSP connector, first enable server authentication (refer to the steps above), then follow the steps below:

  1. Create a JKS or PKCS#12 keystore on the remote host with the desired key pair. Make sure the created keystore has permissions such that it is readable by all environment users configured in Delphix, then enter the keystore details into the host’s keystore configuration on the engine. For more details, refer to Host DSP Configuration.

  2. Add the full CA chain of the remote host’s key pair to the TrustStore on the engine. For more details, refer to TrustStore Settings.

  3. Select Perform Client (the target host) authorization for remote connections.

  4. Once the configurations have been set as desired, you will be presented with a summary page. Clicking Submit will trigger a stack restart, which is necessary for the configuration changes to take effect. Note: all jobs will be stopped, but VDBs will continue to run.

2. Connector installer connector (specific to Windows hosts)

There are two ways to generate self-signed certificates:

a) By installing the Delphix Connector, which creates certificates by default.

b) By using self-signed certificates.

To enable client authentication using the connector installer, you must perform the steps below for all Windows hosts that are being added to the Delphix Engine:

  1. Execute the command below to generate the PEM file for the Delphix Connector (provided or self-signed) Java KeyStore file. When prompted, enter the store password from DelphixConnector.properties.

    keytool -exportcert -alias DelphixConnector-{UUID_From_DelphixConnector.properties} -keystore "{Installation_Dir}\connector\DelphixConnector.jks" -rfc -file {Custom_PEM_File_Name}

  2. Copy the PEM file’s content and paste it when adding the certificate to the Delphix Engine.

  3. Add the certificate to the Delphix engine using the sysadmin login and select Network Security.

  4. Select Add Certificate and upload the certificate.

  5. Once the certificate is added, enable validateWindowsConnectorCertificate from the Delphix engine CLI. This will restart the Delphix engine.
