Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (1)
Contributor

if you want to verify the Certificate contents of KNOX Server execute below command

openssl s_client -showcerts -connect 127.0.0.1:8443

if developers want to connect to KNOX with SSL enabled

copy cert contents from above command to knox.crt file and import to a Keystore by executing below command

keytool -import -keystore myLocalTrustStore.jks -file knox.crt

Now developers use as below

beeline> !connect "jdbc:hive2://hadoop-knox.dev.XXXX.com:8443/default;transportMode=http;

httpPath=gateway/default/hive;ssl=true;sslTrustStore=/tmp/knoxhacerts/new/myLocalTrustStore.jks;trustStorePassword=knoxdev"

Hive JDBC

jdbc:hive2://{gateway-host}:{gateway-port}/;

ssl=true;

sslTrustStore={gateway-trust-store-path};

trustStorePassword={gateway-trust-store-password};

transportMode=http;

httpPath={gateway-path}/{cluster-name}/hive

If you want to list the imported certs in a JKS file execute below command.

keytool -v -list -keystore gateway.jks

command to create new truststore myNewTrustSTore.jks

keytool -import -alias knox -keystore ./myNewTrustStore.jks -file ./knox-cert.pem

knox-cert.pem is the cert you saved knox.crt certificate in pem format

if you want to change SSL certificate for KNOX

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_Security_Guide/content/knox_ca_signed_cer...

Pls upvote if this article helps.

886 Views
Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎04-27-2017 06:45 PM
Updated by:
 
Contributors
Top Kudoed Authors