When setting up SSL in production environments, Hortonworks recommends using Certificate Authority (CA) certificates that are signed by a well-known, trusted third party. In development and other non-production environments, you may want to use certificates signed by an internal CA or a self-signed certificate.
Java-based Hadoop components such as HDFS, MapReduce, and YARN support the JKS format, while Python-based services such as Hue use the PEM format.
The basic process for enabling SSL support includes:

- Create a signed certificate as follows:
  - From a third-party CA (recommended for production environments)
  - Creating and signing the certificate using an internal CA
  - Creating a self-signed certificate (not recommended, use only in small cluster for demonstration)
- Installing the certificate on the host
- Generating a public/private key pair
- Securing the private key
- Importing the certificate into the client truststore
- Enabling SSL for Hadoop Component
- Restarting the services
Note: These instructions are based on information found in the Oracle keytool reference (see keytool - Key and Certificate Management Tool) and the OpenSSL How to Documentation; refer to the SSL utilities for details.
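A pre-flight check for the JKS/PEM split and the "Securing the private key" step described above, run before the services are restarted. This is an added example, not Hortonworks code; the file names, the `java`/`python` family labels, and the owner-only permission policy are assumptions made for illustration.

```python
import os
import stat
import tempfile

EXPECTED = {"java": "JKS", "python": "PEM"}  # formats per this page

def detect_format(path):
    """Classify a keystore or certificate file by its leading bytes."""
    with open(path, "rb") as fh:
        head = fh.read(64)
    if head[:4] == b"\xfe\xed\xfe\xed":              # JKS magic number
        return "JKS"
    if head.lstrip().startswith(b"-----BEGIN "):      # PEM armor line
        return "PEM"
    if head[:1] == b"\x30":                           # DER SEQUENCE (PKCS#12, raw cert)
        return "DER"
    return "unknown"

def preflight(path, family, holds_private_key):
    """Return a list of problems; an empty list means the file passes."""
    problems = []
    found = detect_format(path)
    if found != EXPECTED[family]:
        problems.append(f"{family} service expects {EXPECTED[family]}, found {found}")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Assumption: "secured" means no group or other permission bits at all.
    if holds_private_key and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o} exposes the private key to group/other")
    return problems

def demo():
    """Check constructed sample files (format headers only, no real keys)."""
    samples = {  # name: (leading bytes, mode, family, holds_private_key)
        "keystore.jks": (b"\xfe\xed\xfe\xed\x00\x00\x00\x02", 0o600, "java", True),
        "hue-key.pem": (b"-----BEGIN PRIVATE KEY-----\n", 0o644, "python", True),
        "hue-cert.jks": (b"\xfe\xed\xfe\xed\x00\x00\x00\x02", 0o644, "python", False),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (data, mode, family, has_key) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
            results[name] = preflight(path, family, has_key)
    return results

if __name__ == "__main__":
    print(demo())
```

The check reads only file headers and permission bits, so it never needs the keystore password.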