Import your certificate in the JVM trustore with keytool (the certificate store management tool, shipped with the JVM). der, or PKCS#7 certificate chain, typically named. Prepare the certificate(s) to add, in one of the supported file formats (binary- or base64-encoded DER, typically named. Locate the default truststore file, at JAVA_HOME/jre/lib/security/cacerts This should resolve to JAVA_HOME/jre/bin/java where JAVA_HOME is the installation directory for this JVM. Locate the physical installation directory of this JVM with : readlink -f /PATH/TO/java. You will need write access to the Java installation for this (that would be root access for the typical case where the JVM has been installedĬheck which JVM is used by FM by looking for variable DKUJAVABIN in file DATADIR/bin/env-default.sh
In most cases, you can use one ofĪdd a local certificate to the global JVM truststore ¶ You should refer to the documentation of your JVM and/or Linux distribution for the precise procedure for this. To the trusted list of the JVM used by FM (a.k.a. It is then necessary to add additional certificates However, resources internal to your organization are typicallyĬertified by private certification authorities, or by standalone (self-signed) certificates. Which normally covers all legitimate publicly-accessible Internet resources. The JVM comes with a default list of well-known Internet-based certification authorities, Is derived from a trusted certification authority. In all these cases, the Java runtime used by FM needs to be able to verify the identity of the remote server, by checking that its certificate
ThisĬonnecting to Hadoop components (Hive, Impala) over SSL-based connectionsĬonnecting to SQL databases, MongoDB, Cassandra, … over secure connections There are a number of configurations where FM needs to connect to external resources using secure network connections (SSL / TLS).
0 kommentar(er)
