enabling SSL/TLS for HDFS - running into issues

Expert Contributor

Hello - I have an HDP 2.5 cluster (8 nodes), and I'm trying to enable SSL/TLS for HDFS, using the following link -> http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.3/bk_Security_Guide/content/ch_wire-https.html

I'm trying to create the host key using the following command ->

keytool -keystore /etc/security/clientKeys/keystore.jks -genkey -alias nwk8

The client key -> /etc/security/clientKeys/keystore.jks is the default entry in file -> /etc/hadoop/2.5.3.0-37/0/ssl-client.xml

This is not available ..

I have some basic questions (since I don't think I understand this yet) - which .jks file should I use? Is that something I get from the CA? What if I use OpenSSL?

Any inputs on this would be appreciated.

1 ACCEPTED SOLUTION

Expert Contributor

@mqureshi

- Thanks for the detailed reply & explanation on this, that really helps clarify the concept.

However, a follow-up on this: I've configured SSL/TLS for HDFS, how do I test this & ensure SSL is implemented correctly for HDFS?

The https NameNode URL does not seem to be working, please see the screenshot attached.

Also attached are the screenshot of the http NameNode URL & the configured values of dfs.https.port & dfs.namenode.https-address in hdfs-site.xml.

screen-shot-2017-05-15-at-35026-pm.png

screen-shot-2017-05-15-at-35101-pm.png

screen-shot-2017-05-15-at-35035-pm.png


10 REPLIES

Super Guru

@Karan Alang

Assuming you have implemented everything correctly, ask your network team if port 50470 is open. This is a connection issue and not an SSL issue.
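
Added example (not part of the thread, and not Hortonworks code): a small check that separates the two failure modes discussed above, telling a port that is unreachable apart from a port that is open but fails the TLS handshake or certificate validation. The host name and the CA file are assumptions; 50470 is the port named in the reply.

```python
import socket
import ssl


def check_https_endpoint(host, port, cafile=None, timeout=5.0):
    """Return (stage, detail), where stage is one of:
    'tcp_failed' - nothing reachable on the port (firewall, service down, wrong port)
    'tls_failed' - port is open, but the handshake or certificate check failed
    'tls_ok'     - handshake completed and the certificate validated
    """
    # Stage 1: plain TCP connect. A failure here is a network or service
    # problem and has nothing to do with keystores or certificates.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp_failed", str(exc)

    # Stage 2: TLS handshake with certificate and host name verification.
    # cafile is a PEM file holding the CA certificate that signed the node
    # certificates (for a self-signed setup, the exported certificate itself).
    # With cafile=None the system trust store is used.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "tls_ok", "%s %s" % (tls.version(), tls.cipher()[0])
    except ssl.SSLCertVerificationError as exc:
        return "tls_failed", "certificate rejected: %s" % exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # e.g. the port speaks plain HTTP, or the peer reset the connection
        return "tls_failed", str(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    # Hypothetical host name; replace with the NameNode's FQDN.
    print(check_https_endpoint("namenode.example.com", 50470))
```

A 'tcp_failed' result matches the situation described in the reply (port not open or service not listening); 'tls_failed' points at the keystore, truststore or certificate host name instead.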