Configuring Wire Encryption
Also available as:
PDF
loading table of contents...

Enable SSL on the HBase Web UI

How to enable SSL and TLS on an HBase Web UI.

  1. Create and install an SSL certificate for HBase, for example to use a self-signed certificate:
    1. Create an HBase keystore: su -l hbase -c "keytool -genkey -alias hbase -keyalg RSA -keysize 1024 -keystore hbase.jks".
    2. At the keytool command prompt:
      • Enter the key password
      • Enter the keystore password
      Note
      Note

      Add these two specified values to the corresponding properties in hbase-site.xml in step 2.

    3. Export the certificate: su -l hbase -c "keytool -exportcert -alias hbase -file certificate.cert -keystore hbase.jks".
    4. (Optional) Add certificate to the Java keystore:
    • If you are not root run: sudo keytool -import -alias hbase -file certificate.cert -keystore /usr/jdk64/jdk1.7.0_45/jre/lib/security/cacerts
    • If you are root: keytool -import -alias hbase -file certificate.cert -keystore /usr/jdk64/jdk1.7.0_45/jre/lib/security/cacerts

  2. Add the following properties to the hbase-site.xml configuration file on each node in your HBase cluster:
    <property>
        <name>hbase.ssl.enabled</name>
        <value>true</value>
    </property>
     
    <property> 
       <name>hadoop.ssl.enabled</name>
       <value>true</value>
    </property>
    
    <property>
        <name>ssl.server.keystore.keypassword</name>
        <value>key-password</value>
    </property>
    
    <property>
        <name><ssl.server.keystore.password</name>
        <value>keystore-password</value>
    </property>
    
    <property>
        <name>ssl.server.keystore.location</name>
        <value>/tmp/server-keystore.jks</value>
    </property>
    
  3. Restart all HBase nodes in the cluster.