Retrieve the Knox certificate by doing one of the following:
Option Description From the Knox server
Run the command: keytool -export -alias gateway-identity -rfc -file knox.crt -keystore <path to gateway.jks keystore. For example: /usr/lib/knox/data/security/keystore/gateway.jks
From a web browserFollow your browser's instructions for exporting a certificate. For example, if you use Chrome:
- Enter the Knox server:port in the address bar. You will see a message that the connection is not private.
- Click the Google customize and control icon in the upper right hand corner of the window to open the drop-down menu. Depending on your version of Google, this may appear as an orange circular icon or three vertical dots.
- Select More tools and then Developer tools
- In the Developer tools view, open the Security tab.
- Click View certificate.
- Select the Details tab in the resulting dialog and click the Copy to file... button.
- In the resulting Certificate Export Wizard, save the certificate as Base-64 encoded.
Install the certificate into your Java Runtime certificate store by running the command: %JDK_HOME%\bin\keytool.exe -importcert -alias "TDH240 Knox self-signed certificate" -file cert_location/<filename>.txt -keystore %JRE_HOME%\lib\security\cacerts where %JDK_HOME% is an environment variable with the location of a JDK and %JRE_HOME% is the location of the JRE used to run Studio.
The keytool.exe will ask for the password to the certificate store. The password is changeit unless you have already changed it.
If you are using a Knox Gateway for connection to a Hortonworks Hadoop system and the Knox Gateway uses a certificate that is not issued by a trusted certificate authority (for example, it uses a self-signed certificate), you must retrieve the certificate used by the Knox server and install it in your Java Runtime certificate store.