Community Articles

Find and share helpful community-sourced technical articles.
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Labels (1)
avatar
Expert Contributor

if you want to verify the Certificate contents of KNOX Server execute below command

openssl s_client -showcerts -connect 127.0.0.1:8443

if developers want to connect to KNOX with SSL enabled

copy cert contents from above command to knox.crt file and import to a Keystore by executing below command

keytool -import -keystore myLocalTrustStore.jks -file knox.crt

Now developers use as below

beeline> !connect "jdbc:hive2://hadoop-knox.dev.XXXX.com:8443/default;transportMode=http;

httpPath=gateway/default/hive;ssl=true;sslTrustStore=/tmp/knoxhacerts/new/myLocalTrustStore.jks;trustStorePassword=knoxdev"

Hive JDBC

jdbc:hive2://{gateway-host}:{gateway-port}/;

ssl=true;

sslTrustStore={gateway-trust-store-path};

trustStorePassword={gateway-trust-store-password};

transportMode=http;

httpPath={gateway-path}/{cluster-name}/hive

If you want to list the imported certs in a JKS file execute below command.

keytool -v -list -keystore gateway.jks

command to create new truststore myNewTrustSTore.jks

keytool -import -alias knox -keystore ./myNewTrustStore.jks -file ./knox-cert.pem

knox-cert.pem is the cert you saved knox.crt certificate in pem format

if you want to change SSL certificate for KNOX

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.2/bk_Security_Guide/content/knox_ca_signed_cer...

Pls upvote if this article helps.

1,970 Views
Version history
Last update:
‎04-27-2017 06:45 PM
Updated by:
Contributors