DLM Installation and Upgrade

Set up self-signed certificates

You can enable SSL for the DLM Engine using a self-signed certificate. Self-signed certificates are primarily used in test environments. For a production environment, you should use a certificate from a trusted CA.

You must have root user access to the clusters on which DLM Engine is installed.
  1. Log in as root user on the cluster with DLM Engine installed.
  2. Generate a key pair and keystore for use with DLM Engine.
    keytool -genkey -alias jetty -keystore <certificate_file_path> \
      -storepass <keystore_password> \
      -dname 'CN=beacon.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US' \
      -keypass <key_password>
    Follow the prompts and enter the required information.
    • CN must be the FQDN of the DLM Engine host.
    • The default value for the key password is password.

      If you change the password, you must update the DLM configuration.

    The following is sample command output:
    keytool -genkey -alias jetty -keystore ~/tmp/ks -storepass password
    What is your first and last name?
      [Unknown]:  beacon.host.com
    What is the name of your organizational unit?
      [Unknown]:  Eng
    What is the name of your organization?
      [Unknown]:  ABC Corp
    What is the name of your City or Locality?
      [Unknown]:  Santa Clara
    What is the name of your State or Province?
      [Unknown]:  CA
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=beacon.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US correct?
      [no]:  yes
    
    Enter key password for <jetty>
      (RETURN if same as keystore password):
    
    Note
    You will have to use this keystore file while configuring the DLM Engine for TLS in Ambari.
  3. Export the certificate.
    keytool -exportcert -alias jetty -keystore /my/file.keystore -file <certificate file path> -storepass <keystore_password> -rfc
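
Steps 2 and 3 as one non-interactive script with pre-flight checks, added here as an example (it is not Hortonworks code). The function names, return codes and the DLM_STOREPASS / DLM_KEYPASS variable names are assumptions of this example, and -keyalg/-keysize are additions to the command shown in step 2.

```shell
#!/bin/sh
# Added example, not Hortonworks code. Function names, return codes and the
# DLM_STOREPASS / DLM_KEYPASS variable names are assumptions of this sketch.

# Step 2 requires CN to be the host FQDN: at least one dot, hostname characters only.
is_fqdn() {
    case "$1" in
        .*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Flag the documented default ("password") and anything under keytool's 6-character minimum.
password_ok() {
    [ "$1" != "password" ] && [ "${#1}" -ge 6 ]
}

# usage: make_dlm_cert <fqdn> <keystore_path> <certificate_path>
# Passwords come from exported environment variables so they stay out of the process list.
make_dlm_cert() {
    cn=$1; ks=$2; cert=$3
    is_fqdn "$cn" || { echo "CN must be the DLM Engine host FQDN: $cn" >&2; return 2; }
    { password_ok "${DLM_STOREPASS:-}" && password_ok "${DLM_KEYPASS:-}"; } ||
        { echo "set non-default passwords of 6+ characters" >&2; return 3; }
    [ ! -e "$ks" ] || { echo "refusing to overwrite $ks" >&2; return 4; }
    (
        umask 077   # keystore holds the private key: owner-only permissions
        # -keyalg/-keysize are additions; recent JDKs reject -genkey without -keyalg.
        keytool -genkey -alias jetty -keyalg RSA -keysize 2048 -keystore "$ks" \
            -storepass:env DLM_STOREPASS -keypass:env DLM_KEYPASS \
            -dname "CN=$cn, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US"
    ) || return 5
    # Step 3: export the certificate in PEM (-rfc) form.
    keytool -exportcert -alias jetty -keystore "$ks" -file "$cert" \
        -storepass:env DLM_STOREPASS -rfc || return 6
    # Confirm the exported certificate carries the expected subject CN.
    keytool -printcert -file "$cert" | grep -qF "CN=$cn," || return 7
}
```

Export DLM_STOREPASS and DLM_KEYPASS, then call `make_dlm_cert beacon.host.com <keystore_path> <certificate_path>`. Because the script refuses the default key password, the DLM configuration must be updated as noted in step 2.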
    
Configure the keystore for DataPlane use.