Cloudbreak contains mini KNOX which is not managed by Ambari. Below are the steps to replace Self Signed Certificate with CA Signed Certificates Step 1: Remove below two entries from /usr/hdp/current/knox-server/conf/gateway-site.xml and save it. <property> <name>gateway.signing.keystore.name</name> <value>signing.jks</value> </property> <property> <name>gateway.signing.key.alias</name> <value>signing-identity</value> </property> Step 2: Take a backup of original configuration: [~]$ cd /usr/hdp/current/knox-server/data/security/keystores/ [~]$ mkdir backup [~]$ mv __gateway-credentials.jceks gateway.jks backup/ Step 3: Create a keystore in PKCS12 format from your private key file, certificate, Intermediate certificate and root certificate [~]$ openssl pkcs12 -export -out corp_cert_chain.pfx -inkey <private-key>.key -in <cert.cer> -certfile <root_intermediate>.cer -certfile <root_ca>.cer Step 4: Regenerate Master Key. Use the same password for master key and keystore. # rm -rf /usr/hdp/current/knox-server/data/security/master # ls -l /usr/hdp/current/knox-server/data/security/master # /usr/hdp/current/knox-server/bin/knoxcli.sh create-master Step 5: Generate Knox keystore [~]$ cp corp_cert_chain.pfx /usr/hdp/current/knox-server/data/security/keystores/ [~]$ cd /usr/hdp/current/knox-server/data/security/keystores/ [~]$ keytool -importkeystore -srckeystore corp_cert_chain.pfx -srcstoretype pkcs12 -destkeystore gateway.jks -deststoretype jks -srcstorepass <src-keystore-password> -deststorepass <knox-master-secret> -destkeypass <knox-master-secret> Step 6: Replace the alias of keystore keytool -changealias -alias "1" -destalias "gateway-identity" -keypass keypass -keystore gateway.jks-storepass storepass Step 7: Store the keystore password in jceks file [~]$ /usr/hdp/current/knox-server/bin/knoxcli.sh create-alias gateway-identity-passphrase --value <knox-master-secret> Step 8: Restart Knox, you should see the below-highlighted lines in your knox logs [~]$ tail –f /var/log/knox/gateway.log ... View more

Requirement: HDP 2.6.1 Fix version is knox: 0.12.0, according to KNOX-841 Method I: Using "solr" as data service {/usr/hdp/current/knox-server/data/services/solr} Add below in Ambari UI > KNOX > Configs > Advanced topology for Solr UI. default.xml <service> <role>SOLR</role> <url>http://<solr-hostname>:8983</url> </service> Make sure service def is in Upper Case. Restart KNOX Use below URL for access Solr UI using KNOX https://<knox-hostname>:8443/gateway/default/solr Method II: Using "solrapi" as data service {/usr/hdp/current/knox-server/data/services/solrapi} for Banana UI KNOX-528 Add below in Ambari UI > KNOX > Configs > Advanced topology for Solr UI. default.xml <service> <role>SOLRAPI</role> <url>http://<solr-hostname>:8983/solr</url> </service> Login into sorl server: Please make sure you have "banana" folder under below location. /opt/lucidworks-hdpsearch/solr/server/solr-webapp/webapp Create a new file called banana-jetty-context.xml under /opt/lucidworks-hdpsearch/solr/server/contexts and populate it with the following <?xml version="1.0"?> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd"> <Configure class="org.eclipse.jetty.webapp.WebAppContext"> <Set name="contextPath"><Property name="hostContext" default="/solr/banana"/></Set> <Set name="war"><Property name="jetty.base"/>/solr-webapp/webapp/banana</Set> <Set name="defaultsDescriptor"><Property name="jetty.base"/>/etc/webdefault.xml</Set> <Set name="extractWAR">false</Set> </Configure> Restart SOLR and access Banana UI using below URL. https://<knox-hostname>:8443/gateway/default/solr/banana/index.html#/dashboard ... View more