Cloudera Enterprise 6.3.x | Other versions

Configuring TLS/SSL for HttpFS

  Important: This information applies specifically to CDH 6.3.x. If you use an earlier version of CDH, see the documentation for that version located at Cloudera Documentation.

    Minimum Required Role: Configurator (also provided by Cluster Administrator, Full Administrator)

    The steps for configuring and enabling TLS/SSL for HttpFS using Cloudera Manager are as follows:
    1. Go to the HDFS service
    2. Click the Configuration tab.
    3. Select Scope > HttpFS.
    4. Select > Security.
    5. Edit the following TLS/SSL properties according to your cluster configuration:
      Table 1. HttpFS TLS/SSL Properties
      Property Description
      Use TLS/SSL Use TLS/SSL for HttpFS.
      HttpFS Keystore File Location of the keystore file used by the HttpFS role for TLS/SSL.

      Default: /var/run/hadoop-httpfs/.keystore. Note that the default location for the keystore file is on non-persistent disk.

      HttpFS Keystore Password Password of the keystore used by the HttpFS role for TLS/SSL.

      If the keystore password has a percent sign, it must be escaped. For example, for a password that is pass%word, use pass%%word.

      HttpFS TLS/SSL Certificate Trust Store File The location on disk of the truststore, in .jks format, used to confirm the authenticity of TLS/SSL servers that HttpFS might connect to. This is used when HttpFS is the client in a TLS/SSL connection.
      HttpFS TLS/SSL Certificate Trust Store Password The password for the HttpFS TLS/SSL Certificate Trust Store File. This password is not required to access the truststore; this field can be left blank.

      If the truststore password has a percent sign, it must be escaped. For example, for a password that is pass%word, use pass%%word.

    6. Click Save Changes.
    7. Restart the HDFS service.

    Connect to the HttpFS Web UI using TLS/SSL (HTTPS)

    Use https://<httpfs_server_hostname>:14000/webhdfs/v1/, though most browsers should automatically redirect you if you use http://<httpfs_server_hostname>:14000/webhdfs/v1/

    Page generated August 29, 2019.