Run the following commands to create a self-signed rootCA and import the rootCA into the client truststore:
openssl genrsa -out $clusterCA.key 2048
openssl req -x509 -new -key $clusterCA.key -days 300 -out $clusterCA
keytool -importcert -alias $clusterCA -file $clusterCA -keystore $clustertruststore -storepass $clustertruststorekey
Note: Ensure that the ssl-client.xml on every host is configured to use this '$clustertrust' store. When configuring with Hive, point to this file; for all other services, install the certificate in the Java truststore.

For each host, sign the certreq file with the rootCA:
openssl x509 -req -CA $clusterCA -CAkey $clusterCA.key -in $host.cert -out $host.signed -days 300 -CAcreateserial
On each host, import both the rootCA and the signed cert back in:
keytool -keystore $hostkeystore -storepass $hoststorekey -alias $clusterCA -import -file $clusterCA
keytool -keystore $hostkeystore -storepass $hoststorekey -alias `hostname -s` -import -file $host.signed -keypass $hostkey
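
A check worth running between the signing step and the keystore import, as an added example that is not part of the original documentation: it confirms that a signed certificate chains to the rootCA, carries the same public key as the host's certreq, and is not close to expiry. The helper names check_signed_cert and make_constructed_pki, the 30-day default threshold, and the throwaway subjects and file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that a signed host certificate matches its request,
# chains to the cluster rootCA, and is not about to expire.

# check_signed_cert CA_CERT CSR SIGNED_CERT [MIN_DAYS]   (hypothetical helper name)
check_signed_cert() {
    ca=$1 csr=$2 signed=$3 min_days=${4:-30}

    # 1. The signed certificate must chain to the rootCA that clients trust.
    openssl verify -CAfile "$ca" "$signed" >/dev/null 2>&1 ||
        { echo "FAIL: $signed does not chain to $ca" >&2; return 1; }

    # 2. Its public key must be the one from the host's certificate request,
    #    otherwise the keystore import will not pair it with the host key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey) || return 2
    crt_pub=$(openssl x509 -in "$signed" -noout -pubkey) || return 2
    [ "$csr_pub" = "$crt_pub" ] ||
        { echo "FAIL: $signed carries a different key than $csr" >&2; return 2; }

    # 3. It must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$signed" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: $signed expires within $min_days days" >&2; return 3; }

    echo "OK: $signed"
}

# make_constructed_pki DIR: throwaway CA and host request, built with the same
# openssl steps as above (-subj is added here only to avoid the prompts).
make_constructed_pki() {
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$d/ca.key" -days 300 -subj "/CN=constructed-ca" -out "$d/ca.pem" &&
    openssl genrsa -out "$d/host.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/host.key" -subj "/CN=constructed-host" -out "$d/host.cert" &&
    openssl x509 -req -CA "$d/ca.pem" -CAkey "$d/ca.key" -in "$d/host.cert" \
        -out "$d/host.signed" -days 300 -CAcreateserial 2>/dev/null
}

# Stand-alone run: check the constructed files.
tmp=$(mktemp -d) && make_constructed_pki "$tmp" &&
    check_signed_cert "$tmp/ca.pem" "$tmp/host.cert" "$tmp/host.signed"
```

The return code identifies which check failed: 1 for the chain, 2 for the key match, 3 for the remaining validity.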