16.00 - Creating a Hortonworks Self-Signed Certificate - Teradata Studio

Teradata Studio User Guide

Teradata Studio
March 2017
User Guide
If you are using a Knox Gateway for connection to a Hortonworks Hadoop system and the Knox Gateway uses a certificate that is not issued by a trusted certificate authority (for example, it uses a self-signed certificate), you must retrieve the certificate used by the Knox server and install it in your Java Runtime certificate store.
  1. Retrieve the Knox certificate by doing one of the following:
    Option Description
    From the Knox server

    Run the command: keytool -export -alias gateway-identity -rfc -file knox.crt -keystore <path to gateway.jks keystore. For example: /usr/lib/knox/data/security/keystore/gateway.jks

    From a web browser
    Follow your browser's instructions for exporting a certificate. For example, if you use Chrome:
    1. Enter the Knox server:port in the address bar. You will see a message that the connection is not private.
    2. Click Advanced, and then click the Proceed to site link.
    3. Click on the lock in the address bar and select Details.
    4. Click View certificate.
    5. Select the Details tab in the resulting dialog and click the Copy to file... button.
    6. In the resulting Certificate Export Wizard, save the certificate as Base-64 encoded.
  2. Install the certificate into your Java Runtime certificate store by running the command: %JDK_HOME%\bin\keytool.exe -importcert -alias "TDH240 Knox self-signed certificate" -file cert_location/<filename>.txt -keystore %JRE_HOME%\lib\security\cacerts where %JDK_HOME% is an environment variable with the location of a JDK and %JRE_HOME% is the location of the JRE used to run Studio.

    The keytool.exe will ask for the password to the certificate store. The password is changeit unless you have already changed it.