How can I configure TLS for the Find Duplicates Workbench

Henry SimmsHenry Simms Experian Super Contributor
edited October 5 in General discussion

What are the steps to configure an SSL certificate for the Find Dupes Workbench site? I already have the Workbench installed as part of Data Studio and running on http://localhost:26312/

Best Answer

  • Matt BerryMatt Berry Experian Employee
    edited October 6 Answer ✓

    Hi Henry,

    In order to switch over to using SSL you'll need to create a new configuration file for the workbench service called 'application.properties', optionally change the port the service runs on and then configure it with your SSL certificate

    Creating application.properties

    This needs to be created in the installation root directory, by default (when installed as part of a Data Studio installation) 'C:\Program Files\Experian\Aperture Data Studio <version>'

    Setting Port

    To define the port to run the Workbench on, add the following line to application.properties:

    server.port= <your port>
    

    So, for example, the common SSL port 8443 would look like:

     server.port=8443
    

    You will now need to remove the port number from the Workbench Service’s “path to executable”, to prevent it over-riding the value in application.properties:

    1. Go to Start > Run > Type “services.msc” > Press OK.
    2. Right click on the Experian Find Duplicates Workbench service and select Properties. If the workbench service is running, stop it first.
    3. Make a note of the Service name, including version number.
    4. Copy the full value under “Path to executable” and paste it into a text editor.
    5. Remove the “--server.port=26312” from the “path to executable”
    6. Open a command prompt and run the following command to remove the existing workbench service:
    sc delete "{Service name including version number from step 3}" 
    
    1. Run the following command after replacing the service name and binpath placeholders (to create the new service). Note that the space between "binpath=" and the double quote is intentional and required:
    sc create "{Service name including version number from step 3}" binpath= "{value from step 5}" 
    
    1. Refresh the Services app to see the new service:
    2. You may want to switch the startup type for the service to Automatic.

    Now restart the service and it should run on the new port defined in application.properties.

    Adding an SSL certificate

    Note that the certificate used will need to be in keystore format (e.g. .pkcs12 .pfx .p12, jks). To list the certs in a PKCS12 keystore (e.g. to get the alias name if you don't know what it is), run:

    keytool -list -v -keystore "{path to keystore certificate}"
    

    To configure the workbench to use TLS, add the following lines to application.properties, and restart the service:

    server.ssl.key-alias={the alias that identifies the key in the key store}
    server.ssl.key-store=C:/users/path/to/pfx/file.pfx
    server.ssl.key-store-type=PKCS12
    server.ssl.key-store-password=password
    server.ssl.key-password=password
    

    When Upgrading the Workbench

    The Find Duplicate Workbench is upgraded as part of the Data Studio installer upgrade process. However settings from the Workbench are not currently retained automatically and must be moved manually from the old version to the new one

    These steps guide you through that process, and assume you have already configured the Workbench to use an application.properties file by following the steps in the sections above. 

    Before Upgrade:

    Prior to running the upgrade process, make a copy of the application.properties file and store it somewhere outside the installation root directory

    After Upgrade:

    1. First, copy the application.properties file back into the new in installation root directory that was created on install, by default: C:\Program Files\Experian\Aperture Data Studio 
    2. As with the original set-up steps, you will now need to remove the port number from the Workbench Service’s “path to executable”, to prevent it over-riding the value in application.properties (steps above)

Answers

  • Henry SimmsHenry Simms Experian Super Contributor

    Thanks, that worked!

  • Henry SimmsHenry Simms Experian Super Contributor
    edited October 17

    A couple of things I noticed during setup:

    • The Workbench logs errors to the \logs\workbench.log file in the Data Studio installation root directory
    • For testing, the service can be started up on the commandline with java -jar workbench-3.7.6.001.jar (replace the version accordingly. The jar can be found in the Data Studio installation folder root directory
    • The secret for your keystore is server.ssl.key-store-password and the secret for your ssl key is server.ssl.key-password. If the key password isn’t set during certificate creation, then server.ssl.key-password and server.ssl.key-store-password will have the same values.
    • Note that the path to the pfx file in server.ssl.key-store must use forward-slashes, rather than Windows-standard back-slash
Sign In or Register to comment.