To verify the contents of the certificate presented by the Knox server, run the command below:

openssl s_client -showcerts -connect 127.0.0.1:8443

If developers want to connect to Knox with SSL enabled, copy the certificate contents from the output of the command above into a file named knox.crt and import it into a keystore by running the command below:

keytool -import -keystore myLocalTrustStore.jks -file knox.crt

Developers can then connect as shown below:

beeline> !connect "jdbc:hive2://hadoop-knox.dev.XXXX.com:8443/default;transportMode=http;httpPath=gateway/default/hive;ssl=true;sslTrustStore=/tmp/knoxhacerts/new/myLocalTrustStore.jks;trustStorePassword=knoxdev"

Hive JDBC URL format:

jdbc:hive2://{gateway-host}:{gateway-port}/;ssl=true;sslTrustStore={gateway-trust-store-path};trustStorePassword={gateway-trust-store-password};transportMode=http;httpPath={gateway-path}/{cluster-name}/hive

To list the certificates imported into a JKS file, run the command below:

keytool -v -list -keystore gateway.jks

Command to create a new truststore, myNewTrustStore.jks:

keytool -import -alias knox -keystore ./myNewTrustStore.jks -file ./knox-cert.pem

Here knox-cert.pem is the certificate you saved as knox.crt, in PEM format.
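
The copy-and-import steps above (saving knox.crt from the s_client output, then running keytool -import) can be scripted as follows. This is an added example, not part of the original article: the function names, the script arguments and the knox.crt output name used at the bottom are assumptions. It saves only the first certificate that s_client prints, which is the gateway's own, and shows its SHA-256 fingerprint so it can be compared with a value obtained from the Knox administrator before the certificate is trusted.

```shell
#!/bin/sh
# Added example: function names and argument order are assumptions.

# Read `openssl s_client -showcerts` output on stdin and print only the first
# PEM block, which is the certificate the server itself presented (the chain
# certificates follow it).
extract_leaf_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
       on { print }
       /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Fetch the gateway certificate into file $3 and print what identifies it.
fetch_knox_cert() {
  host=$1 port=$2 out=$3
  openssl s_client -showcerts -servername "$host" -connect "$host:$port" \
    </dev/null 2>/dev/null | extract_leaf_cert >"$out"
  # An empty file means the handshake failed or no certificate came back.
  [ -s "$out" ] || { echo "no certificate received from $host:$port" >&2; return 1; }
  # Compare this fingerprint with the one the Knox administrator gives you
  # before importing: the copy fetched over the network is unauthenticated.
  openssl x509 -in "$out" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Import the saved certificate ($1) into the truststore ($2).
# keytool prompts for the store password and for confirmation.
import_knox_cert() {
  keytool -import -alias knox -keystore "$2" -file "$1"
}

# Usage: sh knox-trust.sh <gateway-host> <gateway-port> <truststore.jks>
if [ "$#" -eq 3 ]; then
  fetch_knox_cert "$1" "$2" knox.crt && import_knox_cert knox.crt "$3"
fi
```
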

If you want to change the SSL certificate for Knox, see:

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_Security_Guide/content/knox_ca_signed_cer...
