The main difference between a trustStore and a keyStore is that the trustStore (as the name suggests) stores certificates from trusted Certificate Authorities (CAs), which are used to verify the certificate presented by the server in an SSL connection, while the keyStore stores the private key and the program's own identity certificate, which it presents to other parties (server or client) to prove its identity. That is the one-line difference between trustStore and keyStore in Java, but these two terms cause a lot of confusion, not just for people setting up an SSL connection in Java for the first time but also for many intermediate and senior developers.
You will have to use keytool to convert the CA certificate to the JKS (Java KeyStore) format, which is readable by Zeppelin. Here is an example of using a self-signed certificate: configure_zeppelin_ssl
It could look like this:
Get this signed by a certificate authority (CA) and import the certificate you received.
# keytool -import -file zeppelin.crt -keystore zeppelin-keystore.jks
Import the trusted CA certificate into your truststore zeppelin-truststore.jks
# keytool -import -file ca.crt -keystore zeppelin-truststore.jks
In Ambari, go to Zeppelin ---> Config ---> Advanced and make the following changes, assuming you used hadoop as the password when creating the trust/key stores:
zeppelin.ssl = true
zeppelin.ssl.client.auth = false
zeppelin.ssl.key.manager.password = hadoop
zeppelin.ssl.keystore.password = hadoop
zeppelin.ssl.keystore.path = /etc/zeppelin/conf/zeppelin-keystore.jks
zeppelin.ssl.keystore.type = JKS
zeppelin.ssl.truststore.password = hadoop
zeppelin.ssl.truststore.path = /etc/zeppelin/conf/zeppelin-truststore.jks
zeppelin.ssl.truststore.type = JKS
Step 6: Restart the Zeppelin service and access it over HTTPS at <zeppelin_host>:9995
Configure a key manager and key store settings with the correct values for your system:
Set zeppelin.ssl.key.manager.password to the password associated with the key manager.
Set zeppelin.ssl.keystore.password to the password associated with the key store.
Set zeppelin.ssl.keystore.path to the path associated with the key store.
Set zeppelin.ssl.keystore.type to the type of key store configured on the cluster (for example, JKS).
If you wish to use client-side certificate authentication, enable client-side authentication and configure the associated trust store settings:
Set zeppelin.ssl.client.auth to true.
Set zeppelin.ssl.truststore.path to the path associated with your trust store.
Set zeppelin.ssl.truststore.password to the password associated with your trust store.
Set zeppelin.ssl.truststore.type to the type of trust store configured on the cluster (for example, JKS).
Check to make sure that all settings are valid.
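One way to carry out that final validity check, as an added example that is not part of the original page or of Zeppelin: it applies the rules listed above to the settings and confirms from the text output of keytool -list that each store holds the kind of entry its role requires. The function names, the dict form of the settings and the sample listings are assumptions made for this illustration.

```python
import re
# Entry line printed by `keytool -list`: "<alias>, <date>, <EntryType>,"
ENTRY_RE = re.compile(r"^(.+?), .+, (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),$")
KEYSTORE_KEYS = ("zeppelin.ssl.key.manager.password", "zeppelin.ssl.keystore.password",
                 "zeppelin.ssl.keystore.path", "zeppelin.ssl.keystore.type")
TRUSTSTORE_KEYS = ("zeppelin.ssl.truststore.path", "zeppelin.ssl.truststore.password",
                   "zeppelin.ssl.truststore.type")

def entry_types(listing):
    """Map alias -> entry type from the text output of `keytool -list`."""
    matches = (ENTRY_RE.match(line.strip()) for line in listing.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def check(props, keystore_listing, truststore_listing=""):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    if props.get("zeppelin.ssl") != "true":
        problems.append("zeppelin.ssl is not true")
    client_auth = props.get("zeppelin.ssl.client.auth") == "true"
    needed = KEYSTORE_KEYS + (TRUSTSTORE_KEYS if client_auth else ())
    problems += [f"{key} is not set" for key in needed if not props.get(key)]
    # The keystore must hold the private key and certificate Zeppelin presents.
    if "PrivateKeyEntry" not in entry_types(keystore_listing).values():
        problems.append("keystore has no PrivateKeyEntry")
    if client_auth:
        # The truststore holds only CA certificates used to verify clients.
        trusted = entry_types(truststore_listing)
        if "trustedCertEntry" not in trusted.values():
            problems.append("truststore has no trustedCertEntry")
        problems += [f"truststore alias {alias!r} holds a private key"
                     for alias, kind in trusted.items() if kind == "PrivateKeyEntry"]
    return problems

# Constructed sample inputs (not from a real cluster): client auth is on, the
# truststore path is missing, and the keystore lists only a trusted certificate.
SAMPLE_PROPS = {
    "zeppelin.ssl": "true",
    "zeppelin.ssl.client.auth": "true",
    "zeppelin.ssl.key.manager.password": "<placeholder>",
    "zeppelin.ssl.keystore.password": "<placeholder>",
    "zeppelin.ssl.keystore.path": "/etc/zeppelin/conf/zeppelin-keystore.jks",
    "zeppelin.ssl.keystore.type": "JKS",
    "zeppelin.ssl.truststore.password": "<placeholder>",
    "zeppelin.ssl.truststore.type": "JKS",
}
SAMPLE_KEYSTORE = "mykey, Jan 1, 2024, trustedCertEntry, \nCertificate fingerprint (SHA-256): <constructed>"
SAMPLE_TRUSTSTORE = "ca, Jan 1, 2024, trustedCertEntry, "
if __name__ == "__main__":
    print("\n".join(check(SAMPLE_PROPS, SAMPLE_KEYSTORE, SAMPLE_TRUSTSTORE)))
```

A keystore that lists only trustedCertEntry usually means the signed certificate was imported under a different alias than the key pair, so keytool stored it as a trusted certificate instead of attaching it to the private key.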