Starting with version 4.7.0 it is possible to configure the collector to connect to WITSML sources that use HTTPS, thus requiring authentication using certificates.
The collector configuration is done through properties (liverig.properties
) that define where are the files containing the required certificates and their respective passwords so that the software can have access to the necessary data. The setup procedure is described in the following steps:
-
Create and configure the following properties:
witsml.certificates
- the path where the WITSML certificates are. It is not mandatory and have a default value defined as$data_path/conf/witsml
, wheredata_path
is a property inliverig.properties
file;witsml.keystore
- the name of the WITSML client keystore file. This file should contain the client's private key and the certificate to be used to authenticate. The default value iswitsml.jks
;witsml.keypass
- the keystore password. This password is used to read the keystore. The default value isliverig
;witsml.truststore
the name of the WITSML truststore file. This file should contain the certificates the client can trust. The default value iswitsml-trust.jks
. To disable the validation of server certificates, set the propertyignore_invalid_witsml_certificate
totrue
.witsml.trustpass
- the truststore password. This password is used to read the truststore and hasliverig
as default value.
-
Import the client certificate and key into the keystore file using the commands bellow. In this example the certificate and key are provided within a
PEM
file (client.pem
)$ openssl pkcs12 -export -in client.pem -inkey client.pem -name client > client.p12 $ keytool -importkeystore -srckeystore client.p12 -destkeystore witsml.jks -srcstoretype pkcs12 -alias client
-
Configure the
sources.xml
, adding the WITSML client source using the HTTPS endpoint which demands certificate-based authentication.