How to enable SSL for Storm UI on an unsecured cluster:
1. Generate keystore and certificate:
root@beautiful-storm2 ~]# /usr/jdk64/jdk1.8.0_77/bin/keytool -genkeypair -alias certificatekey -keyalg RSA -validity 7 -keystore keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name? [Unknown]: storm
What is the name of your organizational unit? [Unknown]: storm
What is the name of your organization? [Unknown]: storm
What is the name of your City or Locality? [Unknown]: storm
What is the name of your State or Province? [Unknown]: storm
What is the two-letter country code for this unit? [Unknown]: storm
Is CN=storm, OU=storm, O=storm, L=storm, ST=storm, C=storm correct? [no]: yes
Enter key password for <certificatekey> (RETURN if same as keystore password):
Re-enter new password:
2. Add below properties via Ambari to custom storm-site
ui.https.key.password=bigdata
ui.https.keystore.password=bigdata
ui.https.keystore.path=/keystore.jks (This is path to your keystore.jks generated in above step)
ui.https.keystore.type=jks
ui.https.port=8740
3. Sanity check: List your keystore:
<code>[root@beautiful-storm2 ~]# /usr/jdk64/jdk1.8.0_77/bin/keytool -list -keystore keystore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry certificatekey, Dec 13, 2016, PrivateKeyEntry, Certificate fingerprint (SHA1): 4D:8A:C1:0E:8F:4A:4B:26:0C:27:4C:DD:39:96:00:83:CE:F4:B3:6E
4. Now hit Storm https UI:
https://<storm nimbus IP address>:8740/index.html (http does not work now)