Configure a secure TLS/SSL keystore connection to a remote agent
Follow the steps below to set up a keystore to enable Transport Layer Security (TLS)/Secure Sockets Layer (SSL) between Hive Migrator and your remote agents.
Add your agent
Add your remote agent:
It may be preferable to set up both client and server side keystores on one node and copy them to their relevant locations after configuration.
Create keystore and generate key for remote server side communication
- Generate the keystore:
keytool -genkey -alias server -storetype JKS -keyalg RSA -keysize 2048 -keystore server.jks -validity 365 -ext SAN="dns:<hostname of remote server node>"
Create keystore and generate key for client side (Hive Migrator) communication
- Generate the keystore:
keytool -genkey -alias client -storetype JKS -keyalg RSA -keysize 2048 -keystore client.jks -validity 365 -ext SAN="dns:<hostname of HVM node>"
Exchange client and server certificates
- Add the client side key to the server keystore:
keytool -importkeystore -srckeystore client.jks -destkeystore server.jks -srcstoretype JKS -deststoretype JKS -srcstorepass <client keystore password> -deststorepass <server keystore password> -srcalias client -destalias client
- Add the server side key to the client keystore:
keytool -importkeystore -srckeystore server.jks -destkeystore client.jks -srcstoretype JKS -deststoretype JKS -srcstorepass <server keystore password> -deststorepass <client keystore password> -srcalias server -destalias server
Update agent.yaml on the server side
- Update /etc/wandisco/hivemigrator-remote-server/agent.yaml on the server side by adding the following properties, replacing the values with your own:
Example: agent properties
agentType: "HIVE"
remoteAgentConfig:
  port: 5052
  host: "exampleuser02-vm2.example-domain.com"
  sslEnabled: true
  certificateStorageType: "KEYSTORE"
  keyStoreConfig:
    path: "server.jks"
    password: "<keystore_password>"
    certificateAlias: "server"
    trustedCertificateAlias: "client"
    type: "JKS"
hiveAgentConfig: {}
fileSystemId: "targetHDFS"
defaultFsOverride: "hdfs://nameservice02"
preferredOperationMode: "LISTENING"
Note: Update the certificateStorageType value from FILE to KEYSTORE.
Info: Data Migrator doesn't automatically store your TLS/SSL keystore password after adding a remote agent. Add your keystore password manually to /etc/wandisco/hivemigrator-remote-server/agent.yaml by updating the password property in the keyStoreConfig section.
- Restart the remote server to apply your new settings:
service hivemigrator-remote-server restart
Update application.properties on the client side
- Update /etc/wandisco/hivemigrator/application.properties by adding the following settings:
Example hivemigrator application properties
hivemigrator.keystore.path=client.jks
hivemigrator.keystore.password=<keystore_password>
hivemigrator.keystore.certificateAlias=client
hivemigrator.keystore.trustedCertificateAlias=server
hivemigrator.keystore.type=JKS
- Restart the Hive Migrator service:
service hivemigrator restart
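
As an added example (not part of the product documentation), the following Python script cross-checks the agent.yaml and application.properties settings from the two steps above: TLS enabled, KEYSTORE storage selected, a real password filled in on both sides, and each side trusting the alias the other presents. It assumes the aliases were imported under the same names as in the keytool commands on this page; the function names and sample passwords are constructed for illustration.

```python
import re

# Constructed samples, trimmed to the keys checked below; the passwords are made up.
AGENT_YAML = """\
remoteAgentConfig:
  sslEnabled: true
  certificateStorageType: "KEYSTORE"
  keyStoreConfig:
    password: "example-server-pass"
    certificateAlias: "server"
    trustedCertificateAlias: "client"
"""
APP_PROPERTIES = """\
hivemigrator.keystore.password=example-client-pass
hivemigrator.keystore.certificateAlias=client
hivemigrator.keystore.trustedCertificateAlias=server
"""

def yaml_scalars(text):
    """Flat key -> value map of 'key: value' lines (these keys are unique in agent.yaml)."""
    found = (re.match(r'\s*(\w+):\s*(.+?)\s*$', line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip('"') for m in found if m}

def properties(text):
    """key -> value map of 'key=value' lines, hivemigrator.keystore. prefix removed."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip().replace("hivemigrator.keystore.", ""): v.strip() for k, v in pairs}

def check_tls_pairing(agent_yaml, app_properties):
    """Return a list of problems; an empty list means both sides agree."""
    server, client = yaml_scalars(agent_yaml), properties(app_properties)
    problems = []
    if server.get("sslEnabled") != "true":
        problems.append("agent.yaml: sslEnabled is not true")
    if server.get("certificateStorageType") != "KEYSTORE":
        problems.append("agent.yaml: certificateStorageType is not KEYSTORE")
    for side, cfg in (("agent.yaml", server), ("application.properties", client)):
        if not cfg.get("password") or cfg["password"].startswith("<"):
            problems.append(f"{side}: keystore password is missing or still a placeholder")
    # Assumption: aliases keep the same name in both keystores (as with -destalias above).
    if server.get("trustedCertificateAlias") != client.get("certificateAlias"):
        problems.append("server trustedCertificateAlias does not match client certificateAlias")
    if client.get("trustedCertificateAlias") != server.get("certificateAlias"):
        problems.append("client trustedCertificateAlias does not match server certificateAlias")
    return problems

if __name__ == "__main__":
    for line in check_tls_pairing(AGENT_YAML, APP_PROPERTIES) or ["OK: settings are consistent"]:
        print(line)
```

To check a real deployment, pass the contents of the two files to check_tls_pairing in place of the constructed samples.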