Community Articles

Find and share helpful community-sourced technical articles.
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Labels (2)
avatar
Rising Star

How to enable SSL for Storm UI on an unsecured cluster:

1. Generate keystore and certificate:

root@beautiful-storm2 ~]# /usr/jdk64/jdk1.8.0_77/bin/keytool -genkeypair -alias certificatekey -keyalg RSA -validity 7 -keystore keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name? [Unknown]: storm
What is the name of your organizational unit? [Unknown]: storm
What is the name of your organization? [Unknown]: storm
What is the name of your City or Locality? [Unknown]: storm
What is the name of your State or Province? [Unknown]: storm
What is the two-letter country code for this unit? [Unknown]: storm
Is CN=storm, OU=storm, O=storm, L=storm, ST=storm, C=storm correct? [no]: yes
Enter key password for <certificatekey> (RETURN if same as keystore password):
Re-enter new password:

2. Add below properties via Ambari to custom storm-site

ui.https.key.password=bigdata
ui.https.keystore.password=bigdata
ui.https.keystore.path=/keystore.jks (This is path to your keystore.jks generated in above step)
ui.https.keystore.type=jks
ui.https.port=8740

3. Sanity check: List your keystore:

<code>[root@beautiful-storm2 ~]# /usr/jdk64/jdk1.8.0_77/bin/keytool -list -keystore keystore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry certificatekey, Dec 13, 2016, PrivateKeyEntry, Certificate fingerprint (SHA1): 4D:8A:C1:0E:8F:4A:4B:26:0C:27:4C:DD:39:96:00:83:CE:F4:B3:6E

4. Now hit Storm https UI:

https://<storm nimbus IP address>:8740/index.html (http does not work now)

5. You will see below in storm ui.log:

2016-12-13 18:47:20.011 o.a.s.j.s.Server [INFO] jetty-7.x.y-SNAPSHOT
2016-12-13 18:47:20.036 o.a.s.j.s.h.ContextHandler [INFO] started o.a.s.j.s.ServletContextHandler{/,null}
2016-12-13 18:47:20.481 o.a.s.j.u.s.SslContextFactory [INFO] Enabled Protocols [SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
2016-12-13 18:47:20.493 o.a.s.j.s.AbstractConnector [INFO] Started SslSocketConnector@0.0.0.0:8740
1,836 Views
Version history
Last update:
‎01-01-2017 04:30 AM
Updated by:
Contributors