You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@oozie.apache.org by "Robert Kanter (JIRA)" <ji...@apache.org> on 2015/07/28 02:34:04 UTC

[jira] [Updated] (OOZIE-2318) Provide better solution for specifying SSL truststore to Oozie Client

     [ https://issues.apache.org/jira/browse/OOZIE-2318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Kanter updated OOZIE-2318:
---------------------------------
    Assignee: Wing Yew Poon  (was: Robert Kanter)

> Provide better solution for specifying SSL truststore to Oozie Client
> ---------------------------------------------------------------------
>
>                 Key: OOZIE-2318
>                 URL: https://issues.apache.org/jira/browse/OOZIE-2318
>             Project: Oozie
>          Issue Type: Sub-task
>          Components: docs
>    Affects Versions: trunk
>            Reporter: Robert Kanter
>            Assignee: Wing Yew Poon
>             Fix For: trunk
>
>
> When using a self-signed certificate, Java will not allow the Oozie CLI will not connect to the Oozie server without importing the cert into the JRE, as described in the docs [here|http://oozie.apache.org/docs/4.2.0/AG_Install.html#Configure_the_Oozie_Client_to_connect_using_SSL_HTTPS].  This has a number of downsides.
> Instead, we should get rid of that and replace it with directions on how to change where the Oozie CLI looks for the truststore:
> {noformat}
> export OOZIE_CLIENT_OPTS='-Djavax.net.ssl.trustStore=/path/to/oozie-truststore.jks -Djavax.net.ssl.trustStorePassword=password'
> {noformat}
> Along with directions on how to create the truststore from the keystore/cert.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)