Use a Self-Signed Certificate from Oozie Java Clients

When using a self-signed certificate, you must first install the certificate before the Oozie client can connect to the server.

1. Install the certificate in the keychain:
   1. Copy or download the .cert file onto the client machine.
   2. Run the following command (as root) to import the certificate into the JRE's keystore: sudo keytool -import -alias tomcat -file path/to/certificate.cert -keystore <JRE_cacerts>.

      Where $JRE_cacerts is the path to the JRE's certs file. It's location may differ depending on the Operating System, but its typically called cacerts and located at $JAVA_HOME/lib/security/cacerts. It can be under a different directory in $JAVA_HOME. The default password is changeit.

      Java programs, including the Oozie client, can now connect to the Oozie Server using the self-signed certificate.

2. In the connection strings change HTTP to HTTPS, for example, replace http://oozie.server.hostname:11000/oozie with https://oozie.server.hostname:11443/oozie.
   Java does not automatically redirect HTTP addresses to HTTPS.