Enabling HTTPS secure connection between Hyperscale and Continuous Compliance

This page outlines the configuration required to enable secure communication between Hyperscale and Continuous Compliance masking engines using HTTPS. Hyperscale supports secure HTTPS calls to establish connectivity with engines. For communication to succeed, the setup steps and configuration parameters described below must be defined correctly.

When registering a masking engine in Hyperscale, you must select the HTTPS option to enable secure communication. Additionally, a properly configured truststore is required so Hyperscale can validate the engine’s SSL/TLS certificate. This includes providing the truststore file name, password, and any other relevant truststore parameters during engine registration.

Truststore for HTTPS

For Kubernetes and OpenShift deployments

  1. Retrieve the public certificate of the Certificate Authority (CA) that signed the engine’s HTTPS certificate in PEM format. If the certificate(s) are not readily available, contact your IT team.
    To Base64 encode the certificate, use the following command:

cat mycertfile.pem | base64 -w 0

  2. Copy the Base64 encoded value from step 1 and configure it in the values.yaml file, under the truststoreCertificates section, as illustrated below:

truststoreCertificates:
  <certificate_file_name>.crt: <base64 encode certificate string value in single line>

  3. This example illustrates how to configure trusted certificates for multiple engines:

truststoreCertificates:
  engine1.crt: MIIDzTCCArWgAwIBAgIUX... (base64-encoded string)
  engine2.crt: MIIEFTCCAv2gAwIBAgIUc...
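
The following is an added example, not part of the product documentation: a shell helper that performs steps 1 to 3 for several CA files at once and prints the truststoreCertificates fragment. It refuses files that are not PEM certificates or that contain a private key. The function names and the rule that derives each key from the file name (engine1.pem becomes engine1.crt) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not product tooling): build the truststoreCertificates
# fragment for values.yaml from one or more CA certificate files.

# Succeeds only if the file carries PEM CERTIFICATE armor and no private key.
# This checks the PEM markers only; it does not parse the X.509 content.
is_pem_cert() {
  grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || return 1
  grep -q -e '-----END CERTIFICATE-----' "$1" || return 1
  ! grep -q -e 'PRIVATE KEY-----' "$1"
}

# Prints the YAML fragment on stdout. If any input is unusable, prints the
# reason on stderr and returns 1 without emitting a partial fragment.
truststore_yaml() {
  local f key b64 seen=" " out="truststoreCertificates:"
  for f in "$@"; do
    if ! is_pem_cert "$f"; then
      echo "rejected, not a PEM certificate or contains a private key: $f" >&2
      return 1
    fi
    key="$(basename "$f")"
    key="${key%.*}.crt"                  # assumed naming: engine1.pem -> engine1.crt
    case "$seen" in *" $key "*)
      echo "rejected, duplicate key $key" >&2; return 1 ;;
    esac
    seen="$seen$key "
    b64="$(base64 -w 0 < "$f")"          # same encoding as the command in step 1
    case "$b64" in *[[:space:]]*)
      echo "rejected, encoded value is not a single line: $f" >&2; return 1 ;;
    esac
    # The value must decode back to exactly the file that was read.
    if ! printf '%s' "$b64" | base64 -d | cmp -s - "$f"; then
      echo "rejected, value does not decode back to $f" >&2; return 1
    fi
    out="$out
  $key: $b64"
  done
  printf '%s\n' "$out"
}
```

After sourcing the block, run `truststore_yaml engine1.pem engine2.pem` and paste the output into values.yaml.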

 

For Docker Compose deployments

  1. Retrieve the public certificate of the Certificate Authority (CA) that signed the engine’s HTTPS certificate in PEM format. If the certificate(s) are not readily available, contact your IT team.
    Place your files on the Hyperscale host at the following location:

<LOCAL_PATH>/cert/engine1.crt

 

  2. Under masking-service, add a volumes entry in docker-compose.yaml as illustrated below:

volumes:
  - <LOCAL_PATH>/cert:/etc/config/cert

  3. Restart Hyperscale.