Configure the Oozie Client to Connect Using SSL
Use the following procedure to configure the Oozie client to connect using SSL. The first two steps are only necessary if you are using a self-signed Certificate. Also, these steps must be performed on every machine on which you intend to use the Oozie Client.
Copy or download the
.cert
file onto the client machine.Run the following command (as root) to import the certificate into the JRE keystore. This will allow any Java program, including the Oozie client, to connect to the Oozie Server using the self-signed certificate.
sudo keytool -import -alias tomcat -file path/to/certificate.cert -keystore ${JRE_cacerts}
Where
${JRE_cacerts}
is the path to the JRE.certs
file. Its location may differ depending on the operating system, but its typically namedcacerts
and is located at${JAVA_HOME}/lib/security/cacerts
, but it may be in a different directory under${JAVA_HOME}
(you may want to create a backup copy of this file first). The default password ischangeit
.When using the Oozie Client, you must use
https://oozie.server.hostname:11443/oozie
rather thanhttp://oozie.server.hostname:11000/oozie
-- Java will not automatically redirect from the HTTP address to the HTTPS address.