When communicating with Knox Proxy, DLM Engine establishes a two-way SSL connection while acquiring the SSO token. The certificate of DLM Engine (either self-signed for a test setup or received from a Certificate Authority) must therefore be imported into the Knox Proxy truststore, and the certificate of Knox Proxy (either self-signed for a test setup or received from a Certificate Authority) must be imported into DLM Engine’s truststore.
The Knox instance referred to above is the one on the remote cluster that DLM Engine needs to communicate with. The location of the truststore can be configured in both DLM Engine and Knox Proxy. Perform the following steps to export the SSL certificate.
- To export the SSL certificate of DLM Engine, run the following on the DLM Engine host:
  $JAVA_HOME/bin/keytool -exportcert -alias jetty -keystore <beacon_keystore_file_path> -file <beacon_cert.pem> -rfc
- Copy the SSL certificate file <beacon_cert.pem> to the Knox Proxy host.
- Import the SSL certificate file into the truststore of the Knox Proxy host. On the Knox Proxy host, run:
  $JAVA_HOME/bin/keytool -import -alias jetty -keystore <path_to_knox_truststore_file> -file <beacon_cert.pem>
- To export the SSL certificate of Knox Proxy, run the following on the Knox Proxy host:
  $JAVA_HOME/bin/keytool -exportcert -alias gateway-identity -rfc -file <knox_gw_cert.pem> -keystore /usr/hdp/current/knox-server/data/security/keystores/gateway.jks
- Copy the SSL certificate file <knox_gw_cert.pem> to the DLM Engine host.
- Import the SSL certificate file into the truststore of the DLM Engine host. On the DLM Engine host, run:
  $JAVA_HOME/bin/keytool -import -alias gateway-identity -keystore <path_to_beacon_truststore_file> -file <knox_gw_cert.pem>
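
Because each import step makes the copied file a trust anchor, it is worth confirming on the receiving host that the PEM file is byte-for-byte the certificate that was exported. The following is an added example, not part of the original documentation: the function names are hypothetical, it assumes `awk`, `base64` and `sha256sum` are available, and the expected fingerprint is the SHA-256 value that `keytool -printcert -file <cert.pem>` shows on the exporting host.

```shell
#!/bin/sh
# Added example: verify a copied certificate before importing it into a truststore.

# Print the SHA-256 fingerprint (lowercase hex, no colons) of the first
# certificate in a PEM file. The fingerprint is the hash of the DER bytes,
# i.e. the decoded base64 body between the BEGIN/END CERTIFICATE markers.
pem_sha256() {
    body=$(awk '/-----BEGIN CERTIFICATE-----/ {inside=1; next}
                /-----END CERTIFICATE-----/   {exit}
                inside {print}' "$1" | tr -d ' \r\n')
    # No certificate block found: report failure instead of hashing nothing.
    [ -n "$body" ] || return 1
    # Reject a body that is not valid base64 (truncated or altered in transit).
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# keytool prints fingerprints as AB:CD:...; reduce both forms to plain lowercase hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Return 0 only if the PEM file's fingerprint equals the value recorded on the
# exporting host; 1 on mismatch; 2 if the file holds no readable certificate.
cert_matches() {
    actual=$(pem_sha256 "$1") || return 2
    [ "$actual" = "$(normalize_fp "$2")" ]
}

# Usage on the Knox Proxy host (fingerprint is a placeholder you supply):
#   cert_matches beacon_cert.pem "<SHA256 fingerprint from the DLM Engine host>" \
#     && "$JAVA_HOME/bin/keytool" -import -alias jetty \
#          -keystore <path_to_knox_truststore_file> -file beacon_cert.pem
```

The same check applies in the other direction to <knox_gw_cert.pem> before it is imported on the DLM Engine host.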