Support Questions

Find answers, ask questions, and share your expertise

Installing SSL on Ambari-Server web

Rising Star

I read the documentation but I am not able to, I have .crt file and .key file and .PFX file. Is that all is needed.

1 ACCEPTED SOLUTION

Cloudera Employee
STEP 1: 
Get certificate from ambari-server 
echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr 

STEP 2: 
Get path of ambari trustore and truststore password from Ambari properties 
cat /etc/ambari-server/conf/ambari.properties |grep truststore 

As per your ambari.properties below is the path and password :-
ssl.trustStore.password=refer from ambari.property file
ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore

STEP 3: 
keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> 

STEP 4: 
ambari-server restart

View solution in original post

11 REPLIES 11

Rising Star
@Neeraj Sabharwal

Yes I did followed the same step but not using the self-signed cert. When I tried I did got couple of warning but the SSL configuration wasn't that clean but it worked. Port 8443 was open and could connect. But then I noticed that all earlier created HIVE Views are not displaying any data. It was giving error. I think I posted that error on another thread.

Thanks

Prakash

@Prakash Punj Let me take a look on the other thread.

Trust Store Setup - If you plan to use Ambari Views with your Ambari Server, after enabling SSL for Ambari using the instructions below, you must also configure a Truststore for the Ambari Server. Refer to Set Up Truststore for Ambari Server for more information.

I believe we can close this thread.

Rising Star

One more question, after setting this trust-store, do I need to do the same step again to re install the certificates ?

SSL is already working on Ambari-Server

Thanks

prakash

@Prakash Punj I don't think so..If you face the issue then I would start from there.

@Prakash Punj I believe you can help me to close this thread by accepting the answer as you have started a new thread in the same thread. New thread

Rising Star
@Neeraj Sabharwa

So I setup the trust-store but now I am getting this error. Any idea..

 E090 RA040 I/O error while requesting Ambari [AmbariApiException]

Rising Star

E090 RA040 I/O error while requesting Ambari [AmbariApiException]

Hi Neeraj,

I facing similar issue after setting up Trust store and Importing certificate to Trust Store. I have setup the HTTPS with certificate, key and password(my choice). After restarting the Ambari-server and agent. I am not able to access Ambari.

Am I missing some thing here, cloud you please help to fix this issue.

Thanks

Niranjan

Cloudera Employee
STEP 1: 
Get certificate from ambari-server 
echo | openssl s_client -showcerts -connect <AMBARI_HOst>:<AMBARI_HTTPs_PORT> 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/ambari_certificate.cr 

STEP 2: 
Get path of ambari trustore and truststore password from Ambari properties 
cat /etc/ambari-server/conf/ambari.properties |grep truststore 

As per your ambari.properties below is the path and password :-
ssl.trustStore.password=refer from ambari.property file
ssl.trustStore.path=/etc/ambari-server/conf/ambari-server-truststore

STEP 3: 
keytool -importcert -file /tmp/ambari_certificate.crt -keystore <keystore-path> 

STEP 4: 
ambari-server restart
Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.