Hitachi Content Platform​

Hi James,

You can download the system certificate using cli:

[root@hci admin]# /opt/hci/cli/admin/admincli -s localhost -u admin -p adminPassword -c getSystemCertificate

Thank you

Hi Javier, when I run the command it shows me the certificate code, how do I then use that to create a .crt file?

Thanks 

Use openssl (/source/index.html )

Hi Jon, is that to create a new certificate or download the current one?

Thanks

create a new one. If you are having trouble with the default cert created by HCI on install (the self signed one) then create a new one using openssl and upload/replace the default one with it.

Okay thanks, where is the location of the certificate in the file system?

You can use the admincli -c getSystemCertificate or use the following openssl command to download the HCI certificate.

echo -n | openssl s_client -connect <HCI_Instance_IP/DNS>:8000 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > hcircert.crt 

The above command will downlaod the cert contents into hcicert.crt which you can use to import into your truststore.

The admincli command also gives you the same result but the response is JSON so you have to parse out the "pemEncoded" value in the json and write to a .crt file.

This is what I found in my notes:

Importing HCI certificate into the Pentaho instance

o Add a certificate in the browser by opening the URL of HCI Admin in firefox.

o Go to Options -> Advanced -> Certificates -> View Certificates.

o In the popup goto Authorities.

·        Look for "Hitachi Data Systems" and export certificate in (.der) extension.

     o Run the following command on machine running Pentaho to add certificate in the cacerts file:

·        keytool -import -alias hci-temporary-cert -keystore C:\Pentaho\java\lib\security\cacerts -file hci-temporary-cert.der

·        Default Password : changeit

     o Run the following command to export the cacerts file to export in txt format and verify the certificate.

·        keytool -list -v -keystore C:\Pentaho\java\lib\security\cacerts > java_cacerts.txt

·        Default Password : changeit

·        Restart PDI (Pentaho Data Integration)

·        Note for WebSpoon users :  Refer following document for commands:

https://community.hds.com/videos/1659

For importing certificate, use the following path of cacert on bash prompt of WebSpoon docker container: /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts

Then restart WebSpoon docker container.

Hope it works.

Brgds,

Eckhard Roeser

Hitachi Vantara

James,

This is another very good writing should give you all you need.

https://community.hitachivantara.com/community/developer-network/hitachi-content-intelligence/employees/blog/2019/06/06/hitachi-content-intelligence-pentaho-data-integration-better-together?commentID=12831&et=blogs.comment.created#comment-12831

Best

Eckhard Roeser

Hitachi Vantara

That's great thanks