Configuring TLS/SSL for HttpFS
Minimum Required Role: Configurator (also provided by Cluster Administrator, Full Administrator)
The steps for configuring and enabling TLS/SSL for HttpFS using Cloudera Manager are as follows:
- Go to the HDFS service.
- Click the Configuration tab.
- Select .
- .
- Edit the following TLS/SSL properties according to your cluster configuration:
  HttpFS TLS/SSL Properties (property, then description):
  - Use TLS/SSL: Use TLS/SSL for HttpFS.
  - HttpFS Keystore File: Location of the keystore file used by the HttpFS role for TLS/SSL. Default: /var/run/hadoop-httpfs/.keystore. Note that the default location for the keystore file is on non-persistent disk.
  - HttpFS Keystore Password: Password of the keystore used by the HttpFS role for TLS/SSL. If the keystore password has a percent sign, it must be escaped. For example, for a password that is pass%word, use pass%%word.
  - HttpFS TLS/SSL Certificate Trust Store File: The location on disk of the truststore, in .jks format, used to confirm the authenticity of TLS/SSL servers that HttpFS might connect to. This is used when HttpFS is the client in a TLS/SSL connection.
  - HttpFS TLS/SSL Certificate Trust Store Password: The password for the HttpFS TLS/SSL Certificate Trust Store File. This password is not required to access the truststore; this field can be left blank. If the truststore password has a percent sign, it must be escaped. For example, for a password that is pass%word, use pass%%word.
- Click Save Changes.
- Restart the HDFS service.
Connect to the HttpFS Web UI using TLS/SSL (HTTPS)
Use https://<httpfs_server_hostname>:14000/webhdfs/v1/ to connect, though most browsers should automatically redirect you if you use http://<httpfs_server_hostname>:14000/webhdfs/v1/ instead.
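A pre-flight check for the property values described above, plus a handshake test to run after the restart, as an added example that is not part of the original page or Cloudera's own tooling. The function names and the /run and /tmp prefixes are assumptions; /var/run, port 14000 and pass%word come from the page.

```python
import posixpath
import socket
import ssl

# /var/run is the page's default keystore directory; /run and /tmp are
# added here as assumed examples of other non-persistent locations.
VOLATILE_PREFIXES = ("/var/run", "/run", "/tmp")

def escape_percent(password):
    """Return the value to type into the password field: each % doubled."""
    return password.replace("%", "%%")

def has_unescaped_percent(field_value):
    """True if the entered value contains a % that is not part of a %% pair."""
    return "%" in field_value.replace("%%", "")

def keystore_on_volatile_path(path):
    """True if the keystore path sits under a directory cleared on reboot."""
    norm = posixpath.normpath(path)
    return any(norm == p or norm.startswith(p + "/") for p in VOLATILE_PREFIXES)

def preflight(keystore_path, keystore_field, truststore_field=""):
    """Collect warnings for the values about to be saved (passwords not echoed)."""
    warnings = []
    if keystore_on_volatile_path(keystore_path):
        warnings.append("keystore is on non-persistent disk: " + keystore_path)
    for name, value in (("keystore", keystore_field),
                        ("truststore", truststore_field)):
        if has_unescaped_percent(value):
            warnings.append(name + " password has an unescaped percent sign")
    return warnings

def check_https(host, cafile, port=14000, timeout=5.0):
    """After the restart: handshake with HttpFS, return (TLS version, subject).
    Raises ssl.SSLError if the certificate does not validate against cafile."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert().get("subject")

if __name__ == "__main__":
    # Constructed sample run using the page's default path and example password.
    print(escape_percent("pass%word"))
    print(preflight("/var/run/hadoop-httpfs/.keystore", "pass%word"))
```

check_https needs the CA certificate that signed the HttpFS server certificate in PEM form, and is meant to be run from a host that can reach port 14000.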