Use a Self-Signed Certificate from Oozie Java Clients
When using a self-signed certificate, you must first install the certificate before the Oozie client can connect to the server.
- Install the certificate in the keychain:
- Copy or download the .cert file onto the client machine.
-
Run the following command (as root) to import the certificate into the JRE's
keystore:
sudo keytool -import -alias tomcat -file path/to/certificate.cert -keystore <JRE_cacerts>
.Where
$JRE_cacerts
is the path to the JRE's certs file. It's location may differ depending on the Operating System, but its typically called cacerts and located at$JAVA_HOME
/lib/security/cacerts. It can be under a different directory in$JAVA_HOME
. The default password ischangeit
.Java programs, including the Oozie client, can now connect to the Oozie Server using the self-signed certificate.
- In the connection strings change HTTP to HTTPS, for example, replace
http://oozie.server.hostname:11000/oozie
withhttps://oozie.server.hostname:11443/oozie
.Java does not automatically redirect HTTP addresses to HTTPS.