How can I configure TLS for the Find Duplicates Workbench

Henry Simms
Henry Simms Administrator
edited December 2023 in General

What are the steps to configure an SSL certificate for the Find Dupes Workbench site? I already have the Workbench installed as part of Data Studio and running on http://localhost:26312/

Tagged:

Best Answer

  • Matt Berry
    Matt Berry Experian Employee
    edited September 20 Answer ✓

    Hi Henry,

    In order to switch over to using SSL you'll need to edit the configuration file for the workbench service called 'application.properties', optionally change the port the service runs on and then configure it with your SSL certificate.

    application.properties

    This file can be found in the installation root directory, by default (when installed as part of a Data Studio installation) 'C:\Program Files\Experian\Aperture Data Studio <version>'

    Setting Port

    To define the port to run the Workbench on, edit the following line to application.properties:

    server.port= <your port>

    So, for example, the common SSL port 8443 would look like:

     server.port=8443
    • Now restart the service and it should run on the new port defined in application.properties.

    Adding an SSL certificate

    Note that the certificate used will need to be in keystore format (e.g. .pkcs12 .pfx .p12, jks). To list the certs in a PKCS12 keystore (e.g. to get the alias name if you don't know what it is), run:

    keytool -list -v -keystore "{path to keystore certificate}"

    To configure the workbench to use TLS, add the following lines to application.properties, and restart the service:

    server.ssl.key-alias={the alias that identifies the key in the key store}
server.ssl.key-store=C:/users/path/to/pfx/file.pfx
server.ssl.key-store-type=PKCS12
server.ssl.key-store-password=password
server.ssl.key-password=password

    When Upgrading the Workbench

    The Find Duplicate Workbench is upgraded as part of the Data Studio installer upgrade process. Settings from the Workbench are retained automatically

Answers

  • Henry Simms
    Henry Simms Administrator

    Thanks, that worked!

  • Henry Simms
    Henry Simms Administrator
    edited September 20

    A couple of things I noticed during setup:

    • For testing, the service can be started up on the commandline with java -jar workbench-3.10.9.001.jar (replace the version accordingly). The jar can be found in the Data Studio installation folder root directory
    • The Workbench logs errors to the \logs\workbench.log file in the Data Studio installation root directory. You may only see logging if you run the workbench from commandline.
    • The secret for your keystore is server.ssl.key-store-password and the secret for your ssl key is server.ssl.key-password. If the key password isn’t set during certificate creation, then server.ssl.key-password and server.ssl.key-store-password will have the same values.
    • Note that the path to the pfx file in server.ssl.key-store must use forward-slashes, rather than Windows-standard back-slash

  • Henry Simms
    Henry Simms Administrator

    I have updated Matt's original answer following improvements that make Workbench config easier:

    1. Port is no longer defined in the service's binPath, and is always take from application.properties
    2. application.properties exists by default
    3. Upgrades retain the application.properties settings

    By following the above instructions I was able to configure the workbench to run with TLS

    image.png

Categories