Cloudera Docs

Set up self-signed certificates

You can enable SSL for the DAS Engine using a self-signed certificate. Self-signed certificates are primarily used in test environments. For a production environment, you should use a certificate from a trusted CA.

You must have root user access to the clusters on which DAS Engine is installed.
  1. Log in as root user on the cluster with DAS Engine installed.
  2. Generate a key pair and keystore for use with DAS Engine. 
    keytool -genkey -alias jetty -keystore <certificate_file_path> -storepass <keystore_password> -dname 'CN=das.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US' -keypass <key_password> -keyalg RSA
    Follow the prompts and enter the required information.
    • CN must be the FQDN of the DAS Engine host.
    • Default value for the key password is password.

      If you change the password, then you have to update the DAS configuration.

    Following is a sample command output:
    keytool -genkey -alias jetty -keystore ~/tmp/ks -storepass password
What is your first and last name?
  [Unknown]:  das.host.com
What is the name of your organizational unit?
  [Unknown]:  Eng
What is the name of your organization?
  [Unknown]:  ABC Corp
What is the name of your City or Locality?
  [Unknown]:  Santa Clara
What is the name of your State or Province?
  [Unknown]:  CA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=das.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US correct?
  [no]:  yes

Enter key password for <jetty>
  (RETURN if same as keystore password):