Configuring Wire Encryption
Also available as:
PDF
loading table of contents...

Configure the Oozie Client to Connect Using SSL

Use the following procedure to configure the Oozie client to connect using SSL. The first two steps are only necessary if you are using a self-signed Certificate. Also, these steps must be performed on every machine on which you intend to use the Oozie Client.

  1. Copy or download the .cert file onto the client machine.
  2. Run the following command (as root) to import the certificate into the JRE keystore. This will allow any Java program, including the Oozie client, to connect to the Oozie Server using the self-signed certificate.sudo keytool -import -alias tomcat -file path/to/certificate.cert -keystore ${JRE_cacerts}.

    Where ${JRE_cacerts} is the path to the JRE .certs file. Its location may differ depending on the operating system, but its typically named cacerts and is located at ${JAVA_HOME}/lib/security/cacerts, but it may be in a different directory under ${JAVA_HOME} (you may want to create a backup copy of this file first). The default password is changeit.

  3. When using the Oozie Client, you must use https://oozie.server.hostname:11443/oozie rather than http://oozie.server.hostname:11000/oozie -- Java will not automatically redirect from the HTTP address to the HTTPS address.