Community Articles

To enable the SSL/HTTPS for Ambari, have to input signed certificate and Privatekey file.

Generally many organizations would have JavaKeyStore/JKS file from which they would have generated a CSR and got the signed certificate from CA. In this case they may not have separate Privatekey file with them. In that scenario below steps can be followed to enable the SSL. Here I am providing the steps to enable the SSL using self signed certificate.

1. Create Java key store:

keytool -genkey -keyalg RSA -alias ambari -keystore keystore.jks -validity 360 -keysize 2048

2. Export cert to server.cer file

keytool -export -alias ambari -file server.cer -keystore keystore.jks

Note: In case of CA signing, CSR can be exported from JKS file and get that signed from appropriate CA.

3. Convert .cer file from DER format to PEM format

openssl x509 -in server.cer -inform der -outform pem -out server.pem

3. Export Privatekey to PKCS12

keytool -v -importkeystore -srckeystore keystore.jks -srcalias ambari -destkeystore myp12file.p12 -deststoretype PKCS12

4. Now convert private key PKCS12 to PEM format

openssl pkcs12 -in myp12file.p12 -out private.pem

In the ambari-server setup-security use

Privatekey - private.pem

Certificate - server.pem

More documentation on setup-security is at https://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.1/bk_Ambari_Security_Guide/content/_optional_...