Configuring Wire Encryption

Create Self-Signed Certificate with Specific Hostname for Evaluations

How to create a self-signed certificate with a specific hostname for evaluations, when configuring SSL for Knox.

In order to continue to use self-signed certificates for larger evaluation deployments, a certificate can be generated for a specific hostname. This will allow clients to properly verify the hostname presented in the certificate as the host that they requested in the request URL.
  1. Create a certificate, where $gateway-hostname is the FQDN of the Knox Gateway:

    cd $gateway
    bin/knoxcli.cmd create-cert --hostname $gateway-hostname

  2. Export the certificate in PEM format:

    keytool -export -alias gateway-identity -rfc -file $certificate_path -keystore $gateway/data/security/keystores/gateway.jks

    The cURL --cacert option accepts certificates in PEM format only.

  3. Restart the gateway:

    cd $gateway
    bin/ stop
    bin/ start

  4. After copying the certificate to a client, use the following command to verify:

    curl --cacert $certificate_path -u $username:$password "https://$gateway-hostname:$gateway_port/gateway/$cluster_name/webhdfs/v1?op=GETHOMEDIRECTORY"
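
A pre-flight check that can be run on the exported file before it is copied to clients, as an added example that is not part of the original documentation: it confirms the file is PEM, unexpired, and valid for the hostname clients will put in the request URL. It assumes the openssl CLI is installed; the throwaway certificate and the hostnames under example.test are constructed stand-ins for the gateway's exported certificate and FQDN.

```shell
#!/bin/sh
# Pre-flight checks on an exported gateway certificate (added example).

# Succeeds only if the file is a PEM-encoded certificate (what curl --cacert needs).
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# Succeeds only if the certificate is valid for the given hostname.
# openssl prints "does match" or "does NOT match"; the text is tested
# here rather than relying on the command's exit status.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Runs all checks, prints the first failure, and returns non-zero on failure.
check_gateway_cert() {
    pem=$1 host=$2
    is_pem_cert "$pem" || { echo "FAIL: $pem is not a PEM certificate"; return 1; }
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate has expired"; return 1; }
    cert_matches_host "$pem" "$host" ||
        { echo "FAIL: certificate is not valid for $host"; return 1; }
    echo "OK: $pem is PEM, unexpired, and valid for $host"
}

# Constructed stand-in for the exported file: a throwaway self-signed
# certificate whose CN is the hostname passed as the second argument.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/sample.key" -out "$1/sample.pem" 2>/dev/null
}

# Demo with constructed hostnames: the second call shows the mismatch case.
tmp=$(mktemp -d)
make_sample_cert "$tmp" knox.example.test
check_gateway_cert "$tmp/sample.pem" knox.example.test
check_gateway_cert "$tmp/sample.pem" knox-alias.example.test || true
rm -rf "$tmp"
```

Against a real deployment, call check_gateway_cert with $certificate_path and the gateway FQDN in place of the constructed values.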