The following is based on stuff I did a while ago so I might be missing some
parts.
First you need to create a certificate. The following example creates a
self-signed one:
openssl genrsa -aes128 -out sparkssl.key 2048 -alias "standalone"
openssl rsa -in sparkssl.key -pubout -out sparkssl_public.key
openssl req -new -key sparkssl.key -out sparkssl.csr -alias "standalone"
openssl req -text -in sparkssl.csr –noout
openssl x509 -req -days 365 -in sparkssl.csr -signkey sparkssl.key -out
sparkssl.crt -alias "standalone"
Next you need to create a keystore and truststore:
keytool -keystore clientkeystore -genkey -alias standalone
keytool -import -file sparkssl.crt -alias smaster2 -keystore clientTrustStore
Now you can add SSL properties to your conf/spark-defaults.conf:
spark.ssl.enabled truespark.ssl.enabledAlgorithms
TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_2$
spark.ssl.keyPassword password
spark.ssl.keyStore /home/hduser/ssl/clientkeystore
spark.ssl.keyStorePassword password
spark.ssl.keyStoreType JKS
spark.ssl.protocol TLS
spark.ssl.trustStore /home/hduser/ssl/clientTrustStore
spark.ssl.trustStorePassword admin123
spark.ssl.trustStoreType JKS
spark.ui.https.enabled true
Hopefully, I didn’t miss anything
Thanks,
Assaf
From: Saisai Shao [mailto:sai.sai.s...@gmail.com]
Sent: Monday, August 21, 2017 5:28 PM
To: Anshuman Kumar <anshuman27ku...@gmail.com>
Cc: spark users <user@spark.apache.org>
Subject: Re: Spark Web UI SSL Encryption
Can you please post the specific problem you met?
Thanks
Jerry
On Sat, Aug 19, 2017 at 1:49 AM, Anshuman Kumar
<anshuman27ku...@gmail.com<mailto:anshuman27ku...@gmail.com>> wrote:
Hello,
I have recently installed Sparks 2.2.0, and trying to use it for some big data
processing. Spark is installed on a server that I access from a remote
computer. I need to setup SSL encryption for the Spark web UI, but following
some threads online I’m still not able to set it up.
Can someone help me with the SSL encryption.
Warm Regards.
-
To unsubscribe e-mail:
user-unsubscr...@spark.apache.org<mailto:user-unsubscr...@spark.apache.org>