Data Analytics Studio Installation
Also available as:
PDF

Set up self-signed certificates

You can enable SSL for the DAS Engine using a self-signed certificate. Self-signed certificates are primarily used in test environments. For a production environment, you should use a certificate from a trusted CA.

You must have root user access to the clusters on which DAS Engine is installed.
  1. Log in as root user on the cluster with DAS Engine installed.
  2. Generate a key pair and keystore for use with DAS Engine.
    keytool -genkey -alias jetty -keystore <certificate_file_path> 
    -storepass <keystore_password> -dname 'CN=das.host.com, OU=Eng, O=ABC Corp, 
    L=Santa Clara, ST=CA, C=US' -keypass <key_password>
    Note
    Note
    Ignore the following warning:
    The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore <keystore_file_path> -destkeystore <keystore_file_path> -deststoretype pkcs12".
    Follow the prompts and enter the required information.
    • CN must be the FQDN of the DAS Engine host.
    • Default value for the key password is password.

      If you change the password, then you have to update the DAS configuration.

    Following is a sample command output:
    keytool -genkey -alias jetty -keystore ~/tmp/ks -storepass password
    What is your first and last name?
      [Unknown]:  das.host.com
    What is the name of your organizational unit?
      [Unknown]:  Eng
    What is the name of your organization?
      [Unknown]:  ABC Corp
    What is the name of your City or Locality?
      [Unknown]:  Santa Clara
    What is the name of your State or Province?
      [Unknown]:  CA
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=das.host.com, OU=Eng, O=ABC Corp, L=Santa Clara, ST=CA, C=US correct?
      [no]:  yes
    
    Enter key password for <jetty>
      (RETURN if same as keystore password):
    
    Note
    Note
    You will have to use this keystore file while configuring the DAS Engine for TLS in Ambari.
  3. Export the certificate.
    keytool -exportcert -alias jetty -keystore /my/file.keystore -file <certificate file path> -storepass <keystore_password> -rfc