[ https://issues.apache.org/jira/browse/AMBARI-8145?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sumit Gupta updated AMBARI-8145:
--------------------------------
    Attachment: AMBARI-8145.patch

End-to-end tested the patch on a CentOS 6.4 machine. Before the patch, after
installing and starting Knox via the HDP 2.2 repo, an auto-generated cert for
localhost was loaded up by Knox. After the patch, Knox loads up the cert with
the hostname that it is installed on. This can be seen in the log file
gateway.log with the following entries (for example):

2014-11-04 21:13:24,578 INFO  hadoop.gateway (JettySSLService.java:init(77)) - Credential store for the gateway instance found - no need to create one.
2014-11-04 21:13:24,580 INFO  hadoop.gateway (JettySSLService.java:init(91)) - Keystore for the gateway instance found - no need to create one.
2014-11-04 21:13:24,585 INFO  hadoop.gateway (JettySSLService.java:logAndValidateCertificate(108)) - The Gateway SSL certificate is issued to hostname: c6401.ambari.apache.org.

Also on subsequent stops and starts, the cert is not regenerated as the code 
checks for the presence of the file gateway.jks.

> Knox install should generate a good self signed certificate
> -----------------------------------------------------------
>
>                 Key: AMBARI-8145
>                 URL: https://issues.apache.org/jira/browse/AMBARI-8145
>             Project: Ambari
>          Issue Type: Bug
>          Components: stacks
>    Affects Versions: 1.7.0
>            Reporter: Sumit Gupta
>            Priority: Critical
>             Fix For: 1.7.0
>
>         Attachments: AMBARI-8145.patch
>
>
> When Knox is installed and started, if the process doesn't find a certificate 
> in the keystore it generates one for localhost. This needs to be generated 
> explicitly using the fully qualified host name where Knox is installed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
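
The log check described in the comment above can be automated. The following is an added example, not part of the original message or of the Ambari/Knox code: it reads gateway.log lines, takes the most recent "issued to hostname" entry, and reports whether the certificate names the expected FQDN or a loopback name. The function names, the LOOPBACK_NAMES set and the BEFORE sample line are assumptions made for illustration.

```python
import re

# Matches the JettySSLService message format shown in the gateway.log excerpt;
# the trailing "." is sentence punctuation, not part of the hostname.
ISSUED = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) .*"
    r"The Gateway SSL certificate is issued to hostname: (\S+?)\.?\s*$"
)
# Assumption: names that a remote client can never validate against.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

def issued_hostnames(lines):
    """Return (timestamp, hostname) for every certificate entry, in log order."""
    return [m.groups() for m in map(ISSUED.match, lines) if m]

def check_gateway_cert(lines, expected_fqdn):
    """Judge the most recent certificate entry against the host's FQDN."""
    entries = issued_hostnames(lines)
    if not entries:
        return False, "no certificate entry found in log"
    ts, host = entries[-1]
    if host.lower() in LOOPBACK_NAMES:
        return False, f"{ts}: certificate issued to {host}, not the host FQDN"
    if host.lower() != expected_fqdn.lower():
        return False, f"{ts}: certificate issued to {host}, expected {expected_fqdn}"
    return True, f"{ts}: certificate issued to {host}"

# Constructed sample input: unwrapped log lines. AFTER reuses the entries quoted
# in the comment; BEFORE is a constructed pre-patch line in the same format.
AFTER = [
    "2014-11-04 21:13:24,580 INFO  hadoop.gateway (JettySSLService.java:init(91)) - "
    "Keystore for the gateway instance found - no need to create one.",
    "2014-11-04 21:13:24,585 INFO  hadoop.gateway "
    "(JettySSLService.java:logAndValidateCertificate(108)) - "
    "The Gateway SSL certificate is issued to hostname: c6401.ambari.apache.org.",
]
BEFORE = [
    "2014-11-04 20:02:11,101 INFO  hadoop.gateway "
    "(JettySSLService.java:logAndValidateCertificate(108)) - "
    "The Gateway SSL certificate is issued to hostname: localhost.",
]

if __name__ == "__main__":
    for name, log in (("before", BEFORE), ("after", AFTER)):
        print(name, check_gateway_cert(log, "c6401.ambari.apache.org"))
```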
