Enable SSL for HttpFS
How to configure HttpFS to work over SSL.
httpfs-env.shscript in the configuration directory:
HTTPFS_SSL_ENABLED=true HTTPFS_SSL_KEYSTORE_FILE=$HOME/.keystore HTTPFS_SSL_KEYSTORE_PASS=password
In the HttpFS
tomcat/confdirectory, replace the
server.xmlfile with the
Create an SSL certificate for the HttpFS server. As the httpfs Unix user, use the
Java keytool command to create the SSL certificate:
$ keytool -genkey -alias tomcat -keyalg RSA.
You will be asked a series of questions in an interactive prompt. It will create the keystore file, which will be named
.keystoreand located in the httpfs user home directory.
The password you enter for “keystore password” must match the value of the HTTPFS_SSL_KEYSTORE_PASS environment variable set in the
httpfs-env.shscript in the configuration directory.
The answer to “What is your first and last name?” (i.e. “CN”) must be the host name of the machine where the HttpFS Server will be running.
- Start HttpFS. It should work over HTTPS.
- Utilizing the Hadoop FileSystem API or the Hadoop FS shell, use the swebhdfs:// scheme. Make sure the JVM is picking up the truststore containing the public key of the SSL certificate if you are using a self-signed certificate.