The default SSL configuration makes all Oozie URLs use HTTPS except for the JobTracker
callback URLs. This simplifies the configuration because no changes are required outside of
Oozie. Oozie inherently does not trust the callbacks, they are used as hints.
- If Oozie server is running, stop Oozie.
- Change the Oozie environment variables for HTTPS if required:
- OOZIE_HTTPS_PORT set to Oozie HTTPS port. The default value is 11443.
- OOZIE_HTTPS_KEYSTORE_FILE set to the keystore file that contains the
certificate information. Default
value $<HOME>/.keystore, that is the home
directory of the Oozie user.
- OOZIE_HTTPS_KEYSTORE_PASS set to the password of the keystore file. Default
value password.
| Note |
---|
See “Oozie Environment Setup” (link below) for more details.
|
- Run the following command to enable SSL on Oozie:
su -l oozie -c
"/usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war
-secure"
. - Start the Oozie server.