Hadoop Security Guide

Enable SSL for HttpFS

Use the following steps to configure HttpFS to work over SSL.

  1. Edit the httpfs-env.sh script in the configuration directory and set HTTPFS_SSL_ENABLED to true.

    In addition, the following two properties can be defined (shown here with their default values):

    • HTTPFS_SSL_KEYSTORE_FILE=$HOME/.keystore

    • HTTPFS_SSL_KEYSTORE_PASS=password

  2. In the HttpFS tomcat/conf directory, replace the server.xml file with the ssl-server.xml file.

  3. Create an SSL certificate for the HttpFS server. As the httpfs Unix user, use the Java keytool command to create the SSL certificate:

    $ keytool -genkey -alias tomcat -keyalg RSA

    The command prompts interactively for a series of answers, then creates the keystore file, which is named .keystore and located in the httpfs user's home directory.

    The password you enter for “keystore password” must match the value of the HTTPFS_SSL_KEYSTORE_PASS environment variable set in the httpfs-env.sh script in the configuration directory.

    The answer to “What is your first and last name?” (i.e. “CN”) must be the host name of the machine where the HttpFS Server will be running.

  4. Start HttpFS. It should work over HTTPS.

  5. When using the Hadoop FileSystem API or the Hadoop FS shell, use the swebhdfs:// scheme. If you are using a self-signed certificate, make sure the JVM picks up the truststore that contains the public key of the SSL certificate.
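
The following pre-start check is an added example, not part of the original guide or of Hadoop. It lints an httpfs-env.sh file for the settings from step 1 and compares the certificate CN from step 3 with the expected host name. The function names and sample values are constructed for illustration, and it assumes the "Owner: CN=..." line that `keytool -list -v` prints for a keystore entry.

```sh
#!/bin/sh
# Added example: pre-start checks for the HttpFS SSL settings described above.
# Function names are hypothetical; sample values are constructed.

# Print the value assigned to variable $2 in env file $1 (last assignment wins).
env_value() {
    sed -n -E "s/^[[:space:]]*(export[[:space:]]+)?$2=//p" "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one finding per line for httpfs-env.sh ($1); return 1 if there are any.
check_httpfs_env() {
    env_file=$1
    findings=0
    enabled=$(env_value "$env_file" HTTPFS_SSL_ENABLED)
    pass=$(env_value "$env_file" HTTPFS_SSL_KEYSTORE_PASS)
    [ "$enabled" = "true" ] || { echo "HTTPFS_SSL_ENABLED is not true"; findings=1; }
    # An unset variable means the documented default ("password") is in effect.
    if [ "${pass:-password}" = "password" ]; then
        echo "HTTPFS_SSL_KEYSTORE_PASS is the documented default"
        findings=1
    fi
    # The keystore password is stored here in clear text: owner-only access.
    mode=$(ls -ld "$env_file" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "group/other can access $env_file ($mode)"; findings=1; }
    return "$findings"
}

# Read `keytool -list -v` output on stdin; succeed if the Owner CN equals host $1.
cn_matches_host() {
    cn=$(sed -n 's/^Owner:[[:space:]]*CN=\([^,]*\).*/\1/p' | head -n 1)
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    [ -n "$cn" ] && [ "$(printf '%s' "$cn" | tr '[:upper:]' '[:lower:]')" = "$want" ]
}

# Constructed sample run (not from a real cluster).
sample=$(mktemp)
printf 'export HTTPFS_SSL_ENABLED=true\nexport HTTPFS_SSL_KEYSTORE_PASS=password\n' > "$sample"
chmod 644 "$sample"
check_httpfs_env "$sample" || echo "=> fix the findings above before starting HttpFS"
echo 'Owner: CN=httpfs01.example.com, OU=Ops, O=Example, C=US' |
    cn_matches_host httpfs01.example.com && echo "CN matches host name"
rm -f "$sample"
```

On a real host, feed `cn_matches_host` the output of `keytool -list -v` for the `tomcat` alias created in step 3, run as the httpfs user.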