Use a Self-Signed Certificate from Oozie Java Clients
When using a self-signed certificate, you must first install the certificate before the Oozie client can connect to the server.
- Install the certificate in the keychain:
- Copy or download the .cert file onto the client machine.
Run the following command (as root) to import the certificate into the JRE's
sudo keytool -import -alias tomcat -file path/to/certificate.cert -keystore <JRE_cacerts>.
$JRE_cacertsis the path to the JRE's certs file. It's location may differ depending on the Operating System, but its typically called cacerts and located at
$JAVA_HOME/lib/security/cacerts. It can be under a different directory in
$JAVA_HOME. The default password is
Java programs, including the Oozie client, can now connect to the Oozie Server using the self-signed certificate.
- In the connection strings change HTTP to HTTPS, for example, replace
https://oozie.server.hostname:11443/oozie.Java does not automatically redirect HTTP addresses to HTTPS.