Creating a truststore file in PEM format

Server certificates are stored in Java KeyStore (JKS) format and must be converted to Privacy Enhanced Mail (PEM) format.

To create the Hue truststore, extract each certificate from its keystore with the Java keytool, convert the certificate to PEM format with the OpenSSL.org openssl tool, and then add it to the Hue truststore:

Extract the certificate from the keystore of each TLS/SSL-enabled server with which Hue communicates. For example, if you have hadoop-server.keystore that contains a server certificate, foo-1.example.com with a password of example123, you would use the following keytool command:
```
keytool -exportcert -keystore hadoop-server.keystore -alias foo-1.example.com -storepass example123 -file foo-1.cert
```
Convert each certificate into a PEM file. Here is what the openssl tool command looks like for the foo-1.cert file that was extracted in Step 1:
```
openssl x509 -inform der -in foo-1.cert > foo-1.pem
```
Concatenate all the PEM certificates you extracted and converted from the server truststore into one PEM file:
```
cat foo-1.pem foo-2.pem foo-n.pem ... > hue_truststore.pem
```
important
Ensure the final PEM truststore is deployed in a location that is accessible by the Hue service.

We want your opinion

How can we improve this page?

What kind of feedback do you have?