Configure Oozie client when TLS/SSL is enabled

You must configure the Oozie client if TLS/SSL is enabled in your cluster. You can configure the Oozie command line client using either the JDK certificate store or using the trust-store file.

Using JDK Certificate Store
  • Import the certificate into the JDK certificate store. For example,
    keytool -keystore </usr/java/default/lib/security/cacerts> -import -trustcacerts -alias autotls -file </opt/cloudera/CMCA/trust-store/cm-auto-global_cacerts.pem>  --storepass changeit -noprompt

    You must specify the JDK/JRE certificate file location with the -keystore parameter and the certificate you want to import with the -file parameter.

Using Trust Store
  • Manually specify the trust-store and trust-store password for the Oozie command line client. For example,
    oozie -Djavax.net.ssl.trustStore={trustStoreFile} -Djavax.net.ssl.trustStorePassword={trustStorePassword} jobs -oozie https://{oozieHost}:{ooziePort}/oozie