If you use a Knox Gateway to connect to a Hortonworks Hadoop system, and the Knox Gateway uses a certificate that is not issued by a trusted certificate authority (for example, it uses a self-signed certificate), you must retrieve the certificate used by the Knox server and install it in your Java Runtime certificate store.
- Do one of the following:
Option Action From the Knox server Run the command: keytool -export -alias gateway-identity -rfc -file knox.crt -keystore <path to gateway.jks keystore.
For example: /usr/lib/knox/data/security/keystore/gateway.jks
From a web browser Follow your browser's instructions for exporting a certificate. For example, if you use Chrome:- Enter the Knox server:port in the address bar. You will see a message that the connection is not private.
- Click the Google customize and control icon in the upper right hand corner of the window to open the drop-down menu. Depending on your version of Google, this may appear as an orange circular icon or three vertical dots.
- Select More tools and then Developer tools.
- In the Developer tools view, select the Security tab.
- Click View certificate.
- Select the Details tab in the resulting dialog and click Copy to file....
- Save the certificate as Base-64 encoded.
- Install the certificate into your Java Runtime certificate store:%JDK_HOME%\bin\keytool.exe -importcert -alias "TDH240 Knox self-signed certificate" -file cert_location/<filename>.txt -keystore %JRE_HOME%\lib\security\cacertswhere:
- %JDK_HOME% is an environment variable with the location of a JDK
- %JRE_HOME% is the location of the JRE used to run Studio
The keytool.exe prompts for the password to the certificate store. The password is changeit unless you have already changed it.