Enable SSL on the HBase Web UI
How to enable SSL and TLS on an HBase Web UI.
- Create and install an SSL certificate for HBase, for example to use a self-signed certificate:
-
Create an HBase keystore:
su -l hbase -c "keytool -genkey -alias hbase -keyalg RSA -keysize 1024 -keystore hbase.jks"
. -
At the keytool command prompt:
- Enter the key password
- Enter the keystore password
NoteAdd these two specified values to the corresponding properties in hbase-site.xml in step 2.
-
Export the certificate:
su -l hbase -c "keytool -exportcert -alias hbase -file certificate.cert -keystore hbase.jks"
. - (Optional) Add certificate to the Java keystore:
- If you are not root run:
sudo keytool -import -alias hbase -file certificate.cert -keystore /usr/jdk64/jdk1.7.0_45/jre/lib/security/cacerts
-
If you are root:
keytool -import -alias hbase -file certificate.cert -keystore /usr/jdk64/jdk1.7.0_45/jre/lib/security/cacerts
-
Create an HBase keystore:
- Add the following properties to the hbase-site.xml configuration file on
each node in your HBase cluster:
<property> <name>hbase.ssl.enabled</name> <value>true</value> </property> <property> <name>hadoop.ssl.enabled</name> <value>true</value> </property> <property> <name>ssl.server.keystore.keypassword</name> <value>key-password</value> </property> <property> <name><ssl.server.keystore.password</name> <value>keystore-password</value> </property> <property> <name>ssl.server.keystore.location</name> <value>/tmp/server-keystore.jks</value> </property>
- Restart all HBase nodes in the cluster.