You must configure the Oozie client if TLS/SSL is enabled in your cluster. You can
configure the Oozie command line client using either the JDK certificate store or using the
trust-store file.
Using JDK Certificate Store
-
Import the certificate into the JDK certificate store. For example,
keytool -keystore </usr/java/default/lib/security/cacerts> -import -trustcacerts -alias autotls -file </opt/cloudera/CMCA/trust-store/cm-auto-global_cacerts.pem> --storepass changeit -noprompt
You must specify the JDK/JRE certificate file location with the -keystore parameter and the certificate you want to import with the -file parameter.
Using Trust Store
-
Manually specify the trust-store and trust-store password for the Oozie command line client. For example,
oozie -Djavax.net.ssl.trustStore={trustStoreFile} -Djavax.net.ssl.trustStorePassword={trustStorePassword} jobs -oozie https://{oozieHost}:{ooziePort}/oozie
Using insecure SSL connnection
-
From the Cloudera Runtime 7.1.7 SP1 release onwards, you can manually set the SSL
connection to
insecure. For example,
oozie jobs -oozie https://{oozieHost}:{ooziePort}/oozie -insecure
This causes Oozie to allow certificate errors while the data remains
encrypted. With this, there is no need to import the certificate into the JDK
certificate store or specify the trust-store and trust-store password manually for the
Oozie command line client.
