Ambari启用https访问（ssl）

1、创建目录

1. # mkdir/etc/ambari-server/certs
2. # cd /etc/ambari-server/certs/
3. # export AMBARI_SERVER_HOSTNAME=c2bde55

2、生成证书

1. # openssl genrsa -passout pass:hadoop -out $AMBARI_SERVER_HOSTNAME.key 2048
2. # openssl req -new -key $AMBARI_SERVER_HOSTNAME.key -out $AMBARI_SERVER_HOSTNAME.csr
3. 
   
4. # openssl x509 -req -days 3650 -in $AMBARI_SERVER_HOSTNAME.csr -signkey $AMBARI_SERVER_HOSTNAME.key -out $AMBARI_SERVER_HOSTNAME.crt

3、安装

# ambari-server setup-security

1. # ambari-server restart
2. # cat /etc/ambari-server/conf/ambari.properties 
   

4、导入truststore

# cd /etc/ambari-server/certs/

# keytool -import -file /etc/ambari-server/certs/c2bde55.crt -alias ambari-server -keystore ambari-server-truststore

# ambari-server setup-security

# ambari-server restart

# cat /etc/ambari-server/conf/ambari.properties 

5、解决view访问证书问题

# keytool -keystore /etc/ambari-server/certs/ambari-server-truststore -storepass 1qaz@WSX -alias CARoot -import -file /etc/security/ca-cert

# keytool -keystore /etc/ambari-server/certs/ambari-server-truststore -storepass 1qaz@WSX -alias localhost -import -file /etc/security/cert-signed -keypass <ca-password>

重要：相关证书验证导入到$JAVA_HOME/jre/lib/security/cacerts时，也同样需要导入到/etc/ambari-server/certs/ambari-server-truststore中

链接：https ca证书安装生成：

http://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_011_ca.html

http://blog.csdn.net/wjc19911118/article/details/45672733

http://blog.csdn.net/u012749168/article/details/52851431