Creating a Hortonworks Self-Signed Certificate - Teradata Studio

Teradata Studio User Guide

Product
Teradata Studio
Release Number
16.00
Published
March 2017
Language
English (United States)
Last Update
2018-03-29
dita:mapPath
hop1484765174877.ditamap
dita:ditavalPath
ft:empty
dita:id
B035-2041
lifecycle
previous
Product Category
Teradata Tools and Utilities
If you are using a Knox Gateway for connection to a Hortonworks Hadoop system and the Knox Gateway uses a certificate that is not issued by a trusted certificate authority (for example, it uses a self-signed certificate), you must retrieve the certificate used by the Knox server and install it in your Java Runtime certificate store.
  1. Retrieve the Knox certificate by doing one of the following:
    Option Description
    From the Knox server

    Run the command: keytool -export -alias gateway-identity -rfc -file knox.crt -keystore <path to gateway.jks keystore. For example: /usr/lib/knox/data/security/keystore/gateway.jks

    From a web browser
    Follow your browser's instructions for exporting a certificate. For example, if you use Chrome:
    1. Enter the Knox server:port in the address bar. You will see a message that the connection is not private.
    2. Click Advanced, and then click the Proceed to site link.
    3. Click on the lock in the address bar and select Details.
    4. Click View certificate.
    5. Select the Details tab in the resulting dialog and click the Copy to file... button.
    6. In the resulting Certificate Export Wizard, save the certificate as Base-64 encoded.
  2. Install the certificate into your Java Runtime certificate store by running the command: %JDK_HOME%\bin\keytool.exe -importcert -alias "TDH240 Knox self-signed certificate" -file cert_location/<filename>.txt -keystore %JRE_HOME%\lib\security\cacerts where %JDK_HOME% is an environment variable with the location of a JDK and %JRE_HOME% is the location of the JRE used to run Studio.

    The keytool.exe will ask for the password to the certificate store. The password is changeit unless you have already changed it.