To use SSL encryption when you use the WebHDFS API or HttpFS
API to communicate with the Hadoop Distributed File System (HDFS),
you might need to import the server public certificate into your truststore
and specify values for truststore parameters.
About this task
You must configure the truststore in the following scenarios:
- The server instance that you connect to uses a self-signed certificate.
- The server instance that you connect to uses a certificate that
is issued by an authority that is not contained in the default Java
truststore.
- You do not want to use the default Java truststore. The File connector
can use the default Java truststore, a custom truststore, or both.
Procedure
- Log in as the administrator user to the computer where
the InfoSphere® Information Server engine
tier host is installed.
- If a truststore does not exist, use the keytool Java™ utility to create a truststore
by issuing the following command:
keytool -genkey -alias alias -keystore truststore.jks -storepass password
Where
truststore.jks is
the name of the truststore to create and
alias is
a keystore entry where certificates are stored. The value specified
for
alias must be unique. The
default location for the keytool Java utility is
install_directory/jdk/bin/keytool.
- Move the server certificate (.pem)
file to the computer where the InfoSphere Information Server engine
tier is installed.
- Use the keytool Java utility to import the server certificate
into the File connector truststore by issuing the following command:
keytool -import -trustcacerts -alias alias -file pem_file -keystore truststore.jks -storepass password -noprompt
- To generate an encrypted version of the password, use
the IS_installation_directory/ASBNode/bin/encrypt.sh file
or encrypt.bat file.
- Create a properties file in plain text format, for example, properties.txt,
and add the following line:
password=password
Where
password is
an encrypted version of the password that was specified as the value
for the
-storepass
parameter for the keytool import
command.
- In the IS_installation_directory/Server/DSEngine/dsenv directory
or at the InfoSphere DataStage® project
level, set the following environment variables:
DS_TRUSTSTORE_LOCATION=path_to_the_truststore.jks_file
DS_TRUSTSTORE_PROPERTIES=path_to_the_properties.txt_file