You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by "Rohini Palaniswamy (JIRA)" <ji...@apache.org> on 2015/09/04 23:40:46 UTC
[jira] [Commented] (OOZIE-2318) Provide better solution for
specifying SSL truststore to Oozie Client
[ https://issues.apache.org/jira/browse/OOZIE-2318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14731479#comment-14731479 ]
Rohini Palaniswamy commented on OOZIE-2318:
-------------------------------------------
+1
> Provide better solution for specifying SSL truststore to Oozie Client
> ---------------------------------------------------------------------
>
> Key: OOZIE-2318
> URL: https://issues.apache.org/jira/browse/OOZIE-2318
> Project: Oozie
> Issue Type: Sub-task
> Components: docs
> Affects Versions: trunk
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Fix For: trunk
>
> Attachments: OOZIE-2318.001.patch
>
>
> When using a self-signed certificate, Java will not allow the Oozie CLI will not connect to the Oozie server without importing the cert into the JRE, as described in the docs [here|http://oozie.apache.org/docs/4.2.0/AG_Install.html#Configure_the_Oozie_Client_to_connect_using_SSL_HTTPS]. This has a number of downsides.
> Instead, we should get rid of that and replace it with directions on how to change where the Oozie CLI looks for the truststore:
> {noformat}
> export OOZIE_CLIENT_OPTS='-Djavax.net.ssl.trustStore=/path/to/oozie-truststore.jks -Djavax.net.ssl.trustStorePassword=password'
> {noformat}
> Along with directions on how to create the truststore from the keystore/cert.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)