Requirements for Secure Communication within the Domain
Before you enable secure communication within the domain, ensure that the following requirements are met:
- You created a certificate signing request (CSR) and private key.
- You can use keytool or OpenSSL to create the CSR and private key.
- If you use RSA encryption, you must use more than 512 bits.
- You have a signed SSL certificate.
- The certificate can be self-signed or CA signed. Informatica recommends a CA signed certificate.
- You imported the certificate into keystores.
- You must have a keystore in PEM format named
infa_keystore.pem and a keystore in JKS format named
infa_keystore.jks.
The password for the keystore in JKS format must be the same as the private key pass phrase used to generate the SSL certificate.
- You imported the certificate into truststores.
- You must have a truststore in PEM format named
infa_keystore.pem and a keystore in JKS format named
infa_keystore.jks.
- The keystores and truststores are in the correct directory.
- If you enable secure communication during installation, the keystore and truststore must be in a directory that is accessible to the installer.
- If you enable secure communication after installation, the keystore and truststore must be in a directory that is accessible to the command line programs.
Important: If you push processing to a compute cluster and the Data Integration Service runs on a grid, import the certificates one time and then copy them to each Data Integration Service on the grid. Each time you import a certificate, the contents of the certificate are identical, but the hex values are different. As a result, concurrent mappings that run on the grid fail with initialization errors.
After you secure the domain, configure the Informatica client applications to work with a secure domain.
