Configuring Wire Encryption
Also available as:
PDF
loading table of contents...

Use a Self-Signed Certificate from Oozie Java Clients

When using a self-signed certificate, you must first install the certificate before the Oozie client can connect to the server.

  1. Install the certificate in the keychain:
    1. Copy or download the .cert file onto the client machine.
    2. Run the following command (as root) to import the certificate into the JRE's keystore: sudo keytool -import -alias tomcat -file path/to/certificate.cert -keystore <JRE_cacerts>.

      Where $JRE_cacerts is the path to the JRE's certs file. It's location may differ depending on the Operating System, but its typically called cacerts and located at $JAVA_HOME/lib/security/cacerts. It can be under a different directory in $JAVA_HOME. The default password is changeit.

      Java programs, including the Oozie client, can now connect to the Oozie Server using the self-signed certificate.

  2. In the connection strings change HTTP to HTTPS, for example, replace http://oozie.server.hostname:11000/oozie with https://oozie.server.hostname:11443/oozie.
    Java does not automatically redirect HTTP addresses to HTTPS.