Hadoop Security Guide
Also available as:
PDF
loading table of contents...

Setting Up Trust for the Knox Gateway Clients

In order for clients to trust the certificates presented to them by the gateway, they will need to be present in the client's truststore as follows:

  1. Export the gateway-identity cert from the $gateway /data/security/keystores/gateway.jks using java keytool or another key management tool.

  2. Add the exported certificate to the cacerts or other client specific truststore or the gateway.jks file can be copied to the clients to be used as the truststore.

    [Note]Note

    If taking this approach be sure to change the password of the copy so that it no longer matches the master secret used to protect server side artifacts.