Use the following procedure to configure the Oozie client to connect using SSL. The
first two steps are only necessary if you are using a self-signed Certificate. Also, these
steps must be performed on every machine on which you intend to use the Oozie
Client.
- Copy or download the
.cert
file onto the client machine. - Run the following command (as root) to import the certificate into the JRE keystore. This will
allow any Java program, including the Oozie client, to connect to the Oozie Server
using the self-signed certificate.
sudo keytool -import -alias tomcat -file
path/to/certificate.cert -keystore ${JRE_cacerts}
.
Where ${JRE_cacerts}
is the path to the JRE
.certs
file. Its location may differ depending on the
operating system, but its typically named cacerts
and is located
at ${JAVA_HOME}/lib/security/cacerts
, but it may be in a
different directory under ${JAVA_HOME}
(you may want to create a
backup copy of this file first). The default password is
changeit
.
- When using the Oozie Client, you must use
https://oozie.server.hostname:11443/oozie
rather than
http://oozie.server.hostname:11000/oozie
-- Java will not
automatically redirect from the HTTP address to the HTTPS address.