Community Articles
Find and share helpful community-sourced technical articles
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (1)

We can configure the Zeppelin UI for access over SSL.

Step 1 : Generate certificate sample Command given below

# keytool -genkey -alias zeppelin -keyalg RSA -dname "CN=$HOSTNAME,OU=IT,O=HWX,L=Bangalore,S=KA,C=IN" -keystore zeppelin-keystore.jks -keysize 2048 -validity 365 

Step 2 : Once a keystore and key are created, create a certificate request for the appropriate key (referenced by its alias) with the following command:

#keytool -keystore zeppelin-keystore.jks -alias zeppelin -certreq -file zeppelin.csr

Step 3 : Get this signed with CA authority and import the certificate you recived.

#keytool -import -file zeppelin.crt -keystore zeppelin-keystore.jks

Step 4 : Import the trusted CA certificate in your trustore zeppeline-truststore.jks

#keytool -import -file ca.crt -keystore zeppelin-truststore.jks

Step5 : In Ambari go to Zeppelin ---> Config ---> Advance make the following below changes

Zeppelin.ssl = true
Zeppelin.ssl.client.auth = false
Zeppelin.ssl.key.manager.password = hadoop
Zeppelin.ssl.keystore.password = hadoop
Zeppelin.ssl.keystore.path = /etc/zeppelin/conf/zeppelin-keystore.jks
Zeppelin.ssl.keystore.type = JKS
Zeppelin.ssl.truststore.password = hadoop 
Zeppelin.ssl.truststore.path =  /etc/zeppelin/conf/zeppelin-truststore.jks
Zeppelin.ssl.truststore.type = JKS

Step6 : Restart the zeppelin Service and access this over https <zeppelin_host>:9995

0 Kudos

Hi Rishi,

I have been trying to configure ssl using the above steps. I am getting an error on the 3rd step:-

# keytool -import -file zeppelin.crt -keystore zeppelin-keystore.jks

Enter keystore password:

keytool error: zeppelin.crt (No such file or directory)

I have noticed that in the 2nd step "zeppelin.csr" certificate has been created and in the 3rd steps we are importing "zeppelin.crt". Do we need to perform any other steps before the 3rd step to convert the certificate from .csr to .crt?

Also, I tried creating the certificate name as ".crt" in 2nd step and importing it in the 3rd step as below, but getting a different error:-

# keytool -import -file zeppelin.crt -keystore zeppelin-keystore.jks

Enter keystore password:

keytool error: java.lang.Exception: Input not an X.509 certificate

Could you please help


Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎02-25-2018 11:34 AM
Updated by:
Top Kudoed Authors