How to enable SSL for Storm UI on an unsecured cluster:

1. Generate keystore and certificate:

[root@beautiful-storm2 ~]# /usr/jdk64/jdk1.8.0_77/bin/keytool -genkeypair -alias certificatekey -keyalg RSA -validity 7 -keystore keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name? [Unknown]: storm
What is the name of your organizational unit? [Unknown]: storm
What is the name of your organization? [Unknown]: storm
What is the name of your City or Locality? [Unknown]: storm
What is the name of your State or Province? [Unknown]: storm
What is the two-letter country code for this unit? [Unknown]: storm
Is CN=storm, OU=storm, O=storm, L=storm, ST=storm, C=storm correct? [no]: yes
Enter key password for <certificatekey> (RETURN if same as keystore password):
Re-enter new password:

2. Add the properties below to custom storm-site via Ambari:

ui.https.key.password=bigdata
ui.https.keystore.password=bigdata
ui.https.keystore.path=/keystore.jks (this is the path to the keystore.jks generated in the step above)
ui.https.keystore.type=jks
ui.https.port=8740

3. Sanity check: List your keystore:

[root@beautiful-storm2 ~]# /usr/jdk64/jdk1.8.0_77/bin/keytool -list -keystore keystore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

certificatekey, Dec 13, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): 4D:8A:C1:0E:8F:4A:4B:26:0C:27:4C:DD:39:96:00:83:CE:F4:B3:6E

4. Now open the Storm UI over HTTPS:

https://<storm nimbus IP address>:8740/index.html (plain HTTP no longer works)

5. You will see the following in the Storm ui.log:

2016-12-13 18:47:20.011 o.a.s.j.s.Server [INFO] jetty-7.x.y-SNAPSHOT
2016-12-13 18:47:20.036 o.a.s.j.s.h.ContextHandler [INFO] started o.a.s.j.s.ServletContextHandler{/,null}
2016-12-13 18:47:20.481 o.a.s.j.u.s.SslContextFactory [INFO] Enabled Protocols [SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
2016-12-13 18:47:20.493 o.a.s.j.s.AbstractConnector [INFO] Started SslSocketConnector@0.0.0.0:8740
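
The startup lines above record which protocols Jetty enabled and where the HTTPS connector is listening. The script below is an added example, not part of the original article: it reads a ui.log on stdin and reports the connector address plus any enabled protocol older than TLSv1.2 (TLS 1.0 and 1.1 were deprecated by RFC 8996). The function names are this example's own, and the sample input is the two relevant lines from step 5.

```shell
#!/bin/sh
# Added example: audit the TLS lines that the Storm UI's embedded Jetty
# writes to ui.log at startup. Function names are this example's own.

# Constructed sample input: the two relevant lines from step 5.
SAMPLE_LOG='2016-12-13 18:47:20.481 o.a.s.j.u.s.SslContextFactory [INFO] Enabled Protocols [SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
2016-12-13 18:47:20.493 o.a.s.j.s.AbstractConnector [INFO] Started SslSocketConnector@0.0.0.0:8740'

# Enabled protocol names, one per line, taken from the last
# "Enabled Protocols [...] of [...]" line on stdin.
enabled_protocols() {
    sed -n 's/.*Enabled Protocols \[\([^]]*\)] of \[.*/\1/p' |
        tail -n 1 | tr -d ' ' | tr ',' '\n'
}

# Enabled protocols older than TLSv1.2, space separated. SSLv2Hello is a
# JSSE handshake-format pseudo-protocol and is flagged along with them.
legacy_protocols() {
    enabled_protocols |
        awk '/^(SSLv2Hello|SSLv3|TLSv1|TLSv1\.1)$/' |
        tr '\n' ' ' | sed 's/ $//'
}

# host:port of the last SSL connector Jetty reported as started.
connector_bind() {
    sed -n 's/.*Started SslSocketConnector@\([^ ]*\)$/\1/p' | tail -n 1
}

# Read a ui.log on stdin and print one finding per line.
audit_ui_log() {
    log=$(cat)
    legacy=$(printf '%s\n' "$log" | legacy_protocols)
    bind=$(printf '%s\n' "$log" | connector_bind)
    if [ -z "$bind" ]; then
        echo "FAIL no SslSocketConnector start line found"
    else
        echo "OK   HTTPS connector listening on $bind"
        case $bind in
            0.0.0.0:*) echo "WARN connector is bound to all interfaces" ;;
        esac
    fi
    if [ -n "$legacy" ]; then
        echo "WARN legacy protocols enabled: $legacy"
    fi
}

printf '%s\n' "$SAMPLE_LOG" | audit_ui_log
```

To check a live node, pipe the Storm UI's ui.log into `audit_ui_log` in place of the sample.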
Last update: 01-01-2017 04:30 AM