Hortonworks recommends configuring SSL after HDP Security Administration server and agents are fully configured and tested.
Note | |
---|---|
These steps require a private key for HDP Security Administration server and a valid CA X509 Certificate in JKS format. For more details on obtaining a certificate, see http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Certificates. |
Log on to the HDP Security Administration server as root.
Install the certificate in the key store following the instructions outlined in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Certificates.
Edit the
/usr/lib/xapolicymgr/ews/xapolicymgr.properties
as follows:Comment out the following line to disable the HTTP service port:
#http.service.port=6080
Uncomment the following line to enable the HTTPS service port:
https.service.port=6080
Note Modify the port number as required.
Add the certificate key store information:
https.attrib.keyAlias=$KeyAlias_From_JKS_file https.attrib.keystorePass=$KeyStore_Password_for_JKS_file https.attrib.keystoreFile=$Absolute_Path_JKS_file
Restart the HDP Security Administration service as follows:
service xapolicymgr stop service xapolicymgr start