Set up self-signed certificates

You can enable SSL for the DAS Engine using a self-signed certificate. Self-signed certificates are primarily used in test environments. For a production environment, you should use a certificate from a trusted CA.

You must have root user access to the clusters on which DAS Engine is installed.

Generate a key pair and keystore for use with DAS Engine.

keytool -genkey -alias jetty -keystore <certificate_file_path> -storepass <keystore_password> -dname 'CN=das.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US' -keypass <key_password> -keyalg RSA

Note

Ignore the following warning:

The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore <keystore_file_path> -destkeystore <keystore_file_path> -deststoretype pkcs12".

Follow the prompts and enter the required information.

CN must be the FQDN of the DAS Engine host.
Default value for the key password is password.
If you change the password, then you have to update the DAS configuration.

Following is a sample command output:

keytool -genkey -alias jetty -keystore ~/tmp/ks -storepass password
What is your first and last name?
  [Unknown]:  das.host.com
What is the name of your organizational unit?
  [Unknown]:  Eng
What is the name of your organization?
  [Unknown]:  ABC Corp
What is the name of your City or Locality?
  [Unknown]:  Santa Clara
What is the name of your State or Province?
  [Unknown]:  CA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=das.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US correct?
  [no]:  yes

Enter key password for <jetty>
  (RETURN if same as keystore password):

	Note
	You will have to use this keystore file while configuring the DAS Engine for TLS in Ambari.