Enable SSL on Oozie
The default SSL configuration makes all Oozie URLs use HTTPS except for the JobTracker callback URLs. This simplifies the configuration because no changes are required outside of Oozie. Oozie inherently does not trust the callbacks, they are used as hints.
- If Oozie server is running, stop Oozie.
- Change the Oozie environment variables for HTTPS if required:
- OOZIE_HTTPS_PORT set to Oozie HTTPS port. The default value is 11443.
- OOZIE_HTTPS_KEYSTORE_FILE set to the keystore file that contains the certificate information. Default value $<HOME>/.keystore, that is the home directory of the Oozie user.
- OOZIE_HTTPS_KEYSTORE_PASS set to the password of the keystore file. Default value password.
See “Oozie Environment Setup” (link below) for more details.
- Run the following command to enable SSL on Oozie:
su -l oozie -c "/usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war -secure".
- Start the Oozie server.