Skip to content

DataServer Advanced Configuration

Enable proxy SSL

To enable the Data Access Server proxy with self-signed SSL, set the value of the DATASERVER_PROXY_SSL property to "true" in the file vars.ssl.yml:

YAML
1
DATASERVER_PROXY_SSL: "true"
To enable the proxy with signed SSL, follow these steps:

  1. Copy the following keys to ~/privacera/privacera-manager/config/ssl:
    • Signed PEM Full Chain
    • Signed PEM Private Key
  2. Add the following properties in vars.ssl.yml:
    YAML
    1
2
3
4
5
    DATASERVER_SSL_SELF_SIGNED: "false"
DATASERVER_HOST_NAME: "<PLEASE_CHANGE>"
DATASERVER_SSL_SIGNED_PEM_FULL_CHAIN: "<PLEASE_CHANGE>"
DATASERVER_SSL_SIGNED_PEM_PRIVATE_KEY: "<PLEASE_CHANGE>"
DATASERVER_SSL_SIGNED_CERT_FORMAT: "<PLEASE_CHANGE>"
  3. (Optional) If your CA certificate has been generated with a private key, please copy the Signed Root CA Public Key to the following location: ~/privacera/privacera-manager/config/ssl, and then add the following:
    YAML
    1
    DATASERVER_SSL_SIGNED_ROOT_CA_PUBLIC_KEY: "<PLEASE_CHANGE>"

Disable proxy SSL

To disable the Data Access Server proxy SSL, set the value of DATASERVER_PROXY_SSL to "false" in vars.ssl.yml.

YAML
1
DATASERVER_PROXY_SSL: "false"
When switching between Dataserver SSL and non-SSL, or between self-signed and signed, you must remove the previously generated Dataserver SSL configuration before running the Privacera Manager update.

To remove the previously generated SSL configuration, run the following command:

Bash
1
rm -rf ~/privacera/privacera-manager/config/ssl/dataserver*

Comments