Cloudera Docs

Configuring TLS/SSL encryption manually for Livy

You can enable TLS manually for the Apache Livy Server.

  1. In Cloudera Manager, select the Livy service from the Clusters drop-down menu.
  2. In the Configuration tab, enter tls into the search box.
  3. Edit the following property fields as needed for your cluster and environment:
    Property Description
    Gateway TLS/SSL Trust Store File The location on disk of the trust store, in .jks format, used to confirm the authenticity of TLS/SSL servers that Gateway might connect to. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
    Gateway TLS/SSL Trust Store Password The password for the Gateway TLS/SSL Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information.
    Enable TLS/SSL for Livy Server Encrypt communication between clients and Livy Server using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).
    Livy Server TLS/SSL Server JKS Keystore File Location The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Livy Server is acting as a TLS/SSL server. The keystore must be in JKS format.
    Livy Server TLS/SSL Server JKS Keystore File Password The password for the Livy Server JKS keystore file.
  4. Click Save Changes.
  5. Restart the Livy service.