Ambari启用https访问(ssl)
1、创建目录
- # mkdir/etc/ambari-server/certs
- # cd /etc/ambari-server/certs/
- # export AMBARI_SERVER_HOSTNAME=c2bde55
2、生成证书
- # openssl genrsa -passout pass:hadoop -out $AMBARI_SERVER_HOSTNAME.key 2048
- # openssl req -new -key $AMBARI_SERVER_HOSTNAME.key -out $AMBARI_SERVER_HOSTNAME.csr
-
- # openssl x509 -req -days 3650 -in $AMBARI_SERVER_HOSTNAME.csr -signkey $AMBARI_SERVER_HOSTNAME.key -out $AMBARI_SERVER_HOSTNAME.crt
3、安装
# ambari-server setup-security
- # ambari-server restart
- # cat /etc/ambari-server/conf/ambari.properties
4、导入truststore
#
cd /etc/ambari-server/certs/
#
keytool -import -file /etc/ambari-server/certs/c2bde55.crt -alias ambari-server -keystore ambari-server-truststore
#
ambari-server setup-security
# ambari-server restart
# cat /etc/ambari-server/conf/ambari.properties
5、解决view访问证书问题
# keytool -keystore /etc/ambari-server/certs/ambari-server-truststore -storepass [email protected] -alias CARoot
-import -file /etc/security/ca-cert
# keytool -keystore /etc/ambari-server/certs/ambari-server-truststore -storepass [email protected] -alias localhost
-import -file /etc/security/cert-signed -keypass <ca-password>
重要:相关证书验证导入到$JAVA_HOME/jre/lib/security/cacerts时,也同样需要导入到/etc/ambari-server/certs/ambari-server-truststore中
链接:https ca证书安装生成: