Also available as:

Creating and Managing SSL Certificates

This section contains the following topics:

  • Obtaining a certificate from a third-party Certificate Authority (CA)

  • Creating an internal CA (OpenSSL)

  • Installing Certificates in the Hadoop SSL Keystore Factory (HDFS, MapReduce, and YARN)

  • Using an internal CA (OpenSSL)


For more information about the keytool utility, see the Oracle keytool reference: keytool - Key and Certificate Management Tool.

For more information about OpenSSL, see OpenSSL Documentation.


Java-based Hadoop components such as HDFS, MapReduce, and YARN support JKS format, while Python based services such as Hue use PEM format.