Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (2)
Contributor

How to enable SSL for Storm UI on an unsecured cluster:

1. Generate keystore and certificate:

root@beautiful-storm2 ~]# /usr/jdk64/jdk1.8.0_77/bin/keytool -genkeypair -alias certificatekey -keyalg RSA -validity 7 -keystore keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name? [Unknown]: storm
What is the name of your organizational unit? [Unknown]: storm
What is the name of your organization? [Unknown]: storm
What is the name of your City or Locality? [Unknown]: storm
What is the name of your State or Province? [Unknown]: storm
What is the two-letter country code for this unit? [Unknown]: storm
Is CN=storm, OU=storm, O=storm, L=storm, ST=storm, C=storm correct? [no]: yes
Enter key password for <certificatekey> (RETURN if same as keystore password):
Re-enter new password:

2. Add below properties via Ambari to custom storm-site

ui.https.key.password=bigdata
ui.https.keystore.password=bigdata
ui.https.keystore.path=/keystore.jks (This is path to your keystore.jks generated in above step)
ui.https.keystore.type=jks
ui.https.port=8740

3. Sanity check: List your keystore:

<code>[root@beautiful-storm2 ~]# /usr/jdk64/jdk1.8.0_77/bin/keytool -list -keystore keystore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry certificatekey, Dec 13, 2016, PrivateKeyEntry, Certificate fingerprint (SHA1): 4D:8A:C1:0E:8F:4A:4B:26:0C:27:4C:DD:39:96:00:83:CE:F4:B3:6E

4. Now hit Storm https UI:

https://<storm nimbus IP address>:8740/index.html (http does not work now)

5. You will see below in storm ui.log:

2016-12-13 18:47:20.011 o.a.s.j.s.Server [INFO] jetty-7.x.y-SNAPSHOT
2016-12-13 18:47:20.036 o.a.s.j.s.h.ContextHandler [INFO] started o.a.s.j.s.ServletContextHandler{/,null}
2016-12-13 18:47:20.481 o.a.s.j.u.s.SslContextFactory [INFO] Enabled Protocols [SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
2016-12-13 18:47:20.493 o.a.s.j.s.AbstractConnector [INFO] Started SslSocketConnector@0.0.0.0:8740
935 Views
Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎01-01-2017 04:30 AM
Updated by:
 
Contributors
Top Kudoed Authors