We can configure the Zeppelin UI for access over SSL.
Step 1 : Create a keystore
For Self-Signed Certificate:
### Generate a keystore
# keytool -genkey -alias zeppelin -keyalg RSA -dname "CN=$HOSTNAME,OU=IT,O=HWX,L=Bangalore,S=KA,C=IN" -keystore /etc/zeppelin/conf/zeppelin-keystore.jks -keysize 2048 -validity 365 -keypass hadoop -storepass hadoop
### Export self-signed certificate to a pem file
# keytool -exportcert -keystore /etc/zeppelin/conf/zeppelin-keystore.jks -alias zeppelin -file zeppelin.pem -rfc
For CA-Signed Certificate:
### Get the certificate from your CA and create a PKCS12 keystore
# openssl pkcs12 -export -inkey zeppelin.key -in zeppelin.pem -certfile /path/to/ca/certificate/ca.pem -out zeppelin.pfx
### Convert pkcs12 keystore to jks keystore
# keytool -v -importkeystore -srckeystore zeppelin.pfx -srcstoretype PKCS12 -destkeystore /etc/zeppelin/conf/zeppelin-keystore.jks -deststoretype JKS -srcalias 1 -destalias $(hostname)
### Validate that the private key and certificate chain are present
# keytool -list -keystore /etc/zeppelin/conf/zeppelin-keystore.jks -v
Step 2 : Import certificate(s) to a truststore
# keytool -import -file zeppelin.pem -alias zeppelin -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
Note: For CA-signed certificates, import the certificate chain (CA and intermediate CA certificates) into the truststore using the command below
# keytool -import -file <certificate> -alias <alias> -keystore $JAVA_HOME/jre/lib/security/cacerts
Step 3 : In Ambari, go to Zeppelin ---> Config ---> Advanced and make the following changes
zeppelin.ssl = true
zeppelin.ssl.client.auth = false
zeppelin.ssl.key.manager.password = hadoop
zeppelin.ssl.keystore.password = hadoop
zeppelin.ssl.keystore.path = /etc/zeppelin/conf/zeppelin-keystore.jks
zeppelin.ssl.keystore.type = JKS
zeppelin.ssl.truststore.password = changeit
zeppelin.ssl.truststore.path = /<JAVA-HOME-PATH>/jre/lib/security/cacerts
zeppelin.ssl.truststore.type = JKS
Step 4 : Restart the Zeppelin service and access the UI at https://<zeppelin_host>:9995
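Before the PKCS12 export in Step 1 and the truststore import in Step 2, it helps to confirm that each file is what its name claims, because keytool -import expects a certificate and rejects a CSR or a key file. The pre-flight check below is an added example, not part of the original article; the function names pem_kind, key_matches_cert and preflight are hypothetical, and it assumes openssl is on the PATH and the private key is not passphrase-protected.

```bash
# Added example (not from the original article): pre-flight checks on PEM files
# before they go into the Zeppelin keystore or truststore.
# Assumes openssl is installed and private keys are not passphrase-protected.

# Print what a file really contains: certificate, csr, private-key or unknown.
pem_kind() {
    [ -r "$1" ] || { echo "missing"; return 1; }
    if openssl x509 -in "$1" -noout 2>/dev/null; then
        echo "certificate"
    elif openssl req -in "$1" -noout 2>/dev/null; then
        echo "csr"
    elif openssl pkey -in "$1" -noout 2>/dev/null; then
        echo "private-key"
    else
        echo "unknown"; return 1
    fi
}

# Succeed only if the certificate carries the public half of the private key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Gate for the CA-signed path in Step 1. Usage: preflight zeppelin.key zeppelin.pem
preflight() {
    kind=$(pem_kind "$2") || true
    if [ "$kind" != "certificate" ]; then
        echo "$2 is '$kind', not an X.509 certificate" >&2; return 1
    fi
    kind=$(pem_kind "$1") || true
    if [ "$kind" != "private-key" ]; then
        echo "$1 is '$kind', not a private key" >&2; return 1
    fi
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    echo "ok"
}
```

A file reported as csr still has to be signed by a CA (or replaced by the self-signed export from Step 1) before keytool will import it.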
Created on 07-10-2018 03:19 PM
Hi Rishi,
I have been trying to configure ssl using the above steps. I am getting an error on the 3rd step:-
# keytool -import -file zeppelin.crt -keystore zeppelin-keystore.jks
Enter keystore password:
keytool error: java.io.FileNotFoundException: zeppelin.crt (No such file or directory)
I have noticed that in the 2nd step the "zeppelin.csr" certificate has been created and in the 3rd step we are importing "zeppelin.crt". Do we need to perform any other steps before the 3rd step to convert the certificate from .csr to .crt?
Also, I tried creating the certificate name as ".crt" in 2nd step and importing it in the 3rd step as below, but getting a different error:-
# keytool -import -file zeppelin.crt -keystore zeppelin-keystore.jks
Enter keystore password:
keytool error: java.lang.Exception: Input not an X.509 certificate
Could you please help?
Thanks.