If you are using a Knox Gateway for connection to a Hortonworks Hadoop system and the Knox Gateway uses a certificate that is not issued by a trusted certificate authority (for example, it uses a self-signed certificate), you must retrieve the certificate used by the Knox server and install it in your Java Runtime certificate store.
-
Retrieve the Knox certificate by doing one of the following:
Option Description From the Knox server Run the command: keytool -export -alias gateway-identity -rfc -file knox.crt -keystore <path to gateway.jks keystore. For example: /usr/lib/knox/data/security/keystore/gateway.jks
From a web browser Follow your browser's instructions for exporting a certificate. For example, if you use Chrome:- Enter the Knox server:port in the address bar. You will see a message that the connection is not private.
- Click Advanced, and then click the Proceed to site link.
- Click on the lock in the address bar and select Details.
- Click View certificate.
- Select the Details tab in the resulting dialog and click the Copy to file... button.
- In the resulting Certificate Export Wizard, save the certificate as Base-64 encoded.
-
Install the certificate into your Java Runtime certificate store by running the command: %JDK_HOME%\bin\keytool.exe -importcert -alias "TDH240 Knox self-signed certificate" -file cert_location/<filename>.txt -keystore %JRE_HOME%\lib\security\cacerts where %JDK_HOME% is an environment variable with the location of a JDK and %JRE_HOME% is the location of the JRE used to run Studio.
The keytool.exe will ask for the password to the certificate store. The password is changeit unless you have already changed it.