Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Installing SSL on Ambari-Server web

avatar
Expert Contributor

I read the documentation but I am not able to, I have .crt file and .key file and .PFX file. Is that all is needed.

1 ACCEPTED SOLUTION

avatar
Master Collaborator
STEP 1: 
Get certificate from ambari-server 
echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr 

STEP 2: 
Get path of ambari trustore and truststore password from Ambari properties 
cat /etc/ambari-server/conf/ambari.properties |grep truststore 

As per your ambari.properties below is the path and password :-
ssl.trustStore.password=refer from ambari.property file
ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore

STEP 3: 
keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> 

STEP 4: 
ambari-server restart

View solution in original post

11 REPLIES 11

avatar
Master Mentor

avatar
Master Mentor

avatar
Expert Contributor
@Neeraj Sabharwal

Yes I did followed the same step but not using the self-signed cert. When I tried I did got couple of warning but the SSL configuration wasn't that clean but it worked. Port 8443 was open and could connect. But then I noticed that all earlier created HIVE Views are not displaying any data. It was giving error. I think I posted that error on another thread.

Thanks

Prakash

avatar
Master Mentor

@Prakash Punj Let me take a look on the other thread.

Trust Store Setup - If you plan to use Ambari Views with your Ambari Server, after enabling SSL for Ambari using the instructions below, you must also configure a Truststore for the Ambari Server. Refer to Set Up Truststore for Ambari Server for more information.

I believe we can close this thread.

avatar
Expert Contributor

One more question, after setting this trust-store, do I need to do the same step again to re install the certificates ?

SSL is already working on Ambari-Server

Thanks

prakash

avatar
Master Mentor

@Prakash Punj I don't think so..If you face the issue then I would start from there.

avatar
Master Mentor

@Prakash Punj I believe you can help me to close this thread by accepting the answer as you have started a new thread in the same thread. New thread

avatar
Expert Contributor
@Neeraj Sabharwa

So I setup the trust-store but now I am getting this error. Any idea..

 E090 RA040 I/O error while requesting Ambari [AmbariApiException]

avatar
Expert Contributor

E090 RA040 I/O error while requesting Ambari [AmbariApiException]