You can enable SSL for the DLM Engine using a self-signed certificate. Self-signed
certificates are primarily used in test environments. For a production environment, you
should use a certificate from a trusted CA.
You must have root user access to the clusters on which DLM
Engine is installed.
- Log in as root user on the cluster with DLM Engine installed.
- Generate a key pair and keystore for use with DLM Engine.

    keytool -genkey -alias jetty -keystore <certificate_file_path> \
      -storepass <keystore_password> \
      -dname 'CN=beacon.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US' \
      -keypass <key_password>

  Follow the prompts and enter the required information.

  The following is sample command output:

    keytool -genkey -alias jetty -keystore ~/tmp/ks -storepass password
    What is your first and last name?
      [Unknown]: beacon.host.com
    What is the name of your organizational unit?
      [Unknown]: Eng
    What is the name of your organization?
      [Unknown]: ABC Corp
    What is the name of your City or Locality?
      [Unknown]: Santa Clara
    What is the name of your State or Province?
      [Unknown]: CA
    What is the two-letter country code for this unit?
      [Unknown]: US
    Is CN=beacon.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US correct?
      [no]: yes
    Enter key password for <jetty>
      (RETURN if same as keystore password):

  Note: You will have to use this keystore file while configuring the DLM Engine
  for TLS in Ambari.
- Export the certificate.

    keytool -exportcert -alias jetty -keystore /my/file.keystore -file <certificate file path> -storepass <keystore_password> -rfc
Configure the keystore for DataPlane use.
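
A post-export check for the generate and export steps above, added here as an example and not part of the original documentation: it confirms that the exported file is PEM (the effect of `-rfc`) and that its SHA-256 fingerprint matches the `jetty` entry in the keystore. The function names are hypothetical, and the script assumes `keytool` is on the PATH and prints a `SHA256:` fingerprint line.

```shell
#!/usr/bin/env bash
# Added example (not from the DLM documentation); function names are hypothetical.

# Print the SHA-256 fingerprint found in keytool output read on stdin.
# Both `keytool -list -v` and `keytool -printcert` emit a "SHA256:" line.
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 | tr -d '[:space:]'
}

# Succeed only if the file starts with a PEM certificate header, which is what
# `keytool -exportcert ... -rfc` writes (without -rfc the file is binary DER).
is_pem_cert() {
    [ -r "$1" ] && [ "$(head -n 1 "$1" | tr -d '\r')" = "-----BEGIN CERTIFICATE-----" ]
}

# verify_export <keystore> <alias> <keystore_password> <certificate_file>
# Returns 0 when the exported file is PEM and holds the same certificate as the
# keystore entry; otherwise prints the reason on stderr and returns 1.
verify_export() {
    local ks="$1" entry="$2" pass="$3" cert="$4" ks_fp cert_fp
    is_pem_cert "$cert" || { echo "not a PEM certificate: $cert" >&2; return 1; }
    ks_fp=$(keytool -list -v -alias "$entry" -keystore "$ks" -storepass "$pass" | extract_sha256)
    cert_fp=$(keytool -printcert -file "$cert" | extract_sha256)
    [ -n "$ks_fp" ] || { echo "no SHA256 fingerprint for alias $entry" >&2; return 1; }
    [ "$ks_fp" = "$cert_fp" ] || { echo "fingerprint mismatch for alias $entry" >&2; return 1; }
    echo "OK $entry SHA256=$ks_fp"
}

# Usage, with the placeholders from the steps above:
#   verify_export <certificate_file_path> jetty <keystore_password> <certificate file path>
```
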