Created on 11-20-2017 10:45 PM
The steps to set up Atlas with LDAPS (LDAP over SSL) are below.
Download the AD CA certificate on the Atlas instance.
echo -n | openssl s_client -connect ad.xx.xx.com:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /root/ldaps-ca.cert
View the certificate
openssl x509 -noout -text -in /root/ldaps-ca.cert
Import the AD CA certificate into the trust store on the Atlas instance.
$JAVA_HOME/bin/keytool -import -alias AD -keystore /etc/atlas/conf/ad-truststore -file /root/ldaps-ca.cert
# Remember the password used while importing into the trust store; it is needed for the trustStorePassword option below.
Verify that the certificate was added to the trust store.
$JAVA_HOME/bin/keytool -list -alias AD -keystore /etc/atlas/conf/ad-truststore
Change ownership of trust-store if needed
chown atlas:hadoop /etc/atlas/conf/ad-truststore
Add the following config to Atlas Advanced atlas-env metadata_opts via Ambari, so that ATLAS_OPTS is set within atlas-env.sh
-Djavax.net.ssl.trustStore=/etc/atlas/conf/ad-truststore -Djavax.net.ssl.trustStorePassword=<password>
Alternatively, the same options can be added as an environment variable in atlas_start.py for the Atlas Java process.
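A pre-import check for the file fetched in the first step, as an added example that is not part of the original article: openssl s_client without -showcerts prints only the server's own certificate and the connection is not authenticated, so the script compares the SHA-256 fingerprint with one obtained separately from the AD administrators and confirms the file is a CA certificate that is not about to expire. The function names and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: gate the keytool import on three checks of the fetched PEM file.

# SHA-256 fingerprint as lowercase hex without colons.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Succeeds only if basicConstraints marks the certificate as a CA.
is_ca_cert() {
    openssl x509 -noout -text -in "$1" | grep -q 'CA:TRUE'
}

# Succeeds if the certificate stays valid for at least $2 more days.
valid_for_days() {
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null
}

# check_ldaps_cert FILE EXPECTED_SHA256
# Return codes: 0 ok, 2 unreadable, 3 fingerprint mismatch, 4 not a CA, 5 expiring.
check_ldaps_cert() {
    file=$1
    # Accept the expected value with or without colons, in either case.
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    actual=$(cert_fingerprint "$file")
    if [ -z "$actual" ]; then echo "unreadable certificate: $file"; return 2; fi
    if [ "$actual" != "$expected" ]; then echo "fingerprint mismatch: $actual"; return 3; fi
    if ! is_ca_cert "$file"; then echo "not a CA certificate (server leaf?)"; return 4; fi
    if ! valid_for_days "$file" 30; then echo "expires within 30 days"; return 5; fi
    echo "ok: $actual"
}

# Usage: sh check-cert.sh /root/ldaps-ca.cert <fingerprint from the AD team>
if [ "$#" -eq 2 ]; then check_ldaps_cert "$1" "$2"; fi
```

Run it between the download and the keytool import, and import only on exit code 0.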