Configuring the Master to Support Informatica TLS

The adapter supports the Informatica 9.6.1 TLS-enabled environment for secure communication between the adapter and the Informatica 9.6.1 Power Center.

Note: 9.6.1 Informatica libraries are not backward compatible. These libraries can only connect to Informatica 9.6.1 Power Center with or without enabling TLS.

To accommodate this feature, you must configure the TA Master for Windows and Unix environments as described in these sections:

• Configuring the Master for Informatica 9.6.1 TLS for Windows

• Configuring the Master for Informatica 9.6.1 TLS for Unix

Configuring the Master for Informatica 9.6.1 TLS for Windows

To configure the Master to support Informatica 9.6.1 TLS for Windows:

1. Stop the Master.

2. Copy the truststore files from the Informatica server’s security directory to the Master c:\infa [Informatica libraries in the TA Master]. Create a folder truststore and place the copied truststore files infa_truststore.jks and infa_truststore.pem in it.

   <INFA_HOME>\9.6.1\services\shared\security

   to

   C:\infa\truststore

3. Create an environment variable:

   INFA_TRUSTSTORE value: C:\infa\truststore

4. Optionally, if custom truststore files are used, then perform these steps:

   1. If a custom truststore with a custom SSL certificate is used, then copy the custom infa_truststore.jks and infa_truststore.pem files.

   2. Generate the encrypted Informatica truststore password for the infa_truststore.jks with the pmpasswd utility as follows:

      <INFA_HOME>/server/bin/pmpasswd <password_for_infa_truststore.jks_file> -e CRYPT_SYSTEM

      OR

      <INFA_CLIENT_HOME>\clients\PowerCenterClient\client\bin\pmpasswd.exe

      <password_for_infa_truststore.jks_file> -e CRYPT_SYSTEM

   3. Set these environment variables along with the INFA_DOMAINS_FILE variable so that it is available to the adapter process:

      • INFA_TRUSTSTORE // variable value with the directory that contains the truststore files named infa_truststore.jks and infa_truststore.pem.

      • INFA_TRUSTSTORE_PASSWORD // password encrypted with the pmpasswd utility.

5. Add <tlsEnabled>true</tlsEnabled> in domains.infa xml, corresponding to the TLS-enabled Server that will be configured as an adapter connection.

6. Run the test.bat in c:\infa.

7. Restart the Master.

Configuring the Master for Informatica 9.6.1 TLS for Unix

To configure the Master to support Informatica 9.6.1 TLS for Unix:

1. Stop the Master

2. Copy the truststore files from the Informatica server’s security directory to the Master /opt/infa [Informatica libraries in the TA Master]. Create a folder truststore and place the copied truststore files infa_truststore.jks and infa_truststore.pem in it.

   <INFA_HOME>\9.6.1\services\shared\security

   to

   /opt/infa/truststore

3. Create an environment variable in the profile:

   INFA_TRUSTSTORE value: /opt/infa/truststore

4. Optionally, if custom truststore files are used, then follow these steps:

   1. If a custom truststore with a custom SSL certificate is used, then copy the custom infa_truststore.jks and infa_truststore.pem files.

   2. Generate the encrypted informatica truststore password for the infa_truststore.jks with the pmpasswd utility as follows:

      <INFA_HOME>/server/bin/pmpasswd <password_for_infa_truststore.jks_file> -e CRYPT_SYSTEM

      OR

      <INFA_CLIENT_HOME>\clients\PowerCenterClient\client\bin\pmpasswd.exe

      <password_for_infa_truststore.jks_file> -e CRYPT_SYSTEM

   3. Set these environment variables along with the INFA_DOMAINS_FILE variable so that it is available to the adapter process:

      • INFA_TRUSTSTORE // variable value with the directory that contains the truststore files named infa_truststore.jks and infa_truststore.pem

      • INFA_TRUSTSTORE_PASSWORD // password encrypted with the pmpasswd utility

5. Add <tlsEnabled>true</tlsEnabled> in domains.infa xml, corresponding to the TLS-enabled Server that will be configured as an adapter connection.

6. Run the test.sh in /opt/infa.

7. Restart the Master.