Set up self-signed certificates

You can enable SSL for the DLM Engine using a self-signed certificate. Self-signed certificates are primarily used in test environments. For a production environment, you should use a certificate from a trusted CA.

1. Log in as root user on the cluster with DLM Engine installed.
2. Generate a key pair and keystore for use with DLM Engine.

   keytool -genkey -alias jetty -keystore <certificate_file_path> 
   -storepass <keystore_password> -dname 'CN=beacon.host.com, OU=Eng, O=ABC Corp, 
   L=Santa Clara, ST=CA, C=US' -keypass <key_password>

   Follow the prompts and enter the required information.

   • CN must be the FQDN of the DLM Engine host
   • Default value for the key password is password.

     If you change the password then you have to update the DLM configuration.

   Following is sample command output:

   keytool -genkey -alias jetty -keystore ~/tmp/ks -storepass password
   What is your first and last name?
     [Unknown]:  beacon.host.com
   What is the name of your organizational unit?
     [Unknown]:  Eng
   What is the name of your organization?
     [Unknown]:  ABC Corp
   What is the name of your City or Locality?
     [Unknown]:  Santa Clara
   What is the name of your State or Province?
     [Unknown]:  CA
   What is the two-letter country code for this unit?
     [Unknown]:  US
   Is CN=beacon.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US correct?
     [no]:  yes
   
   Enter key password for <jetty>
     (RETURN if same as keystore password):
   

   	Note
   	You will have to use this keystore file while configuring the DLM Engine for TLS in Ambari.

3. Export the certificate.

   keytool -exportcert -alias jetty -keystore /my/file.keystore -file <certificate file path> -storepass <keystore_password> -rfc