You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@oozie.apache.org by "Robert Kanter (JIRA)" <ji...@apache.org> on 2015/07/28 02:21:04 UTC

[jira] [Created] (OOZIE-2318) Provide better solution for specifying SSL truststore to Oozie Client

Robert Kanter created OOZIE-2318:
------------------------------------

             Summary: Provide better solution for specifying SSL truststore to Oozie Client
                 Key: OOZIE-2318
                 URL: https://issues.apache.org/jira/browse/OOZIE-2318
             Project: Oozie
          Issue Type: Sub-task
          Components: docs
    Affects Versions: trunk
            Reporter: Robert Kanter


When using a self-signed certificate, Java will not allow the Oozie CLI will not connect to the Oozie server without importing the cert into the JRE, as described in the docs [here|http://oozie.apache.org/docs/4.2.0/AG_Install.html#Configure_the_Oozie_Client_to_connect_using_SSL_HTTPS].  This has a number of downsides.

Instead, we should get rid of that and replace it with directions on how to change where the Oozie CLI looks for the truststore:
{noformat}
export OOZIE_CLIENT_OPTS='-Djavax.net.ssl.trustStore=/path/to/oozie-truststore.jks -Djavax.net.ssl.trustStorePassword=password'
{noformat}
Along with directions on how to create the truststore from the keystore/cert.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)