Thanks Larry for your help. It unblocked me. We are evaluating Knox for our
production. I will ping the group for any such quick help.
Regards,
Mohammad
On Wednesday, October 26, 2016 5:43 PM, larry mccay <[email protected]>
wrote:
Hi Mohammad -

This is not at all recommended for production deployments. You can turn it off
with a param in gateway-site.xml called ssl.enabled - set it to false and you
don't need it for dev.

Alternatively, you can generally provide some client side setting to not
validate the server cert for dev environments. This allows you to continue to
have wire encryption though you don't have the assurance that you are talking
to the actual server that you expect. In dev, this is less of a concern.

You can also use keytool or Portecle or some other tooling to export the public
cert for the gateway from {GATEWAY_HOME}/data/security/keystores/gateway.jks.
The alias is gateway-identity and the keystore password is your Knox master
secret that you provided at startup, to the knoxcli create-master command or
through Ambari.

You can then add that public cert to your client specific truststore, etc.

HTH,
--larry
On Wed, Oct 26, 2016 at 3:12 PM, Mohammad Islam <[email protected]> wrote:
Hi,
Currently Knox gateway service is defaulted to "https" protocol. Is there a
way to turn it off and make it "http" for dev purpose?
I'm getting the error "certificate signed by unknown authority" for some of the
https accesses.
Alternatively, is there a quick way of getting self-signed certificate for dev
and testing purpose?
Regards,
Mohammad
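
The export-and-trust steps from Larry's reply, as an added shell example that is not part of the original thread. Assumptions: the `GATEWAY_HOME` default, the file paths, and the `KNOX_MASTER` / `TRUST_PASS` environment variable names are placeholders, and the expected SHA-256 fingerprint is read on the gateway host and passed in by the operator.

```shell
# Added example: trust the Knox gateway's self-signed cert on a client
# instead of disabling TLS or certificate validation.
GATEWAY_HOME="${GATEWAY_HOME:-/path/to/knox}"   # placeholder path
KEYSTORE="$GATEWAY_HOME/data/security/keystores/gateway.jks"
ALIAS="gateway-identity"                        # alias named in the thread

# Export only the public certificate as PEM; the private key stays in the JKS.
# -storepass:env makes keytool read the master secret from the KNOX_MASTER
# environment variable (assumed name) so it never appears in the process list.
export_gateway_cert() {
  _out="$1"
  keytool -exportcert -rfc -alias "$ALIAS" \
    -keystore "$KEYSTORE" -storepass:env KNOX_MASTER -file "$_out"
}

# Print the certificate's SHA-256 fingerprint as "SHA256:AA:BB:..." so it
# can be compared with the value read directly on the gateway host.
cert_fingerprint() {
  keytool -printcert -file "$1" | grep -i 'SHA256:' | tr -d ' \t'
}

# Import the cert into the client truststore only when its fingerprint
# matches the expected one; a mismatch means the file is not the gateway's.
trust_gateway_cert() {
  _cert="$1"; _truststore="$2"; _expected="$3"
  _actual="$(cert_fingerprint "$_cert")" || return 1
  if [ "$_actual" != "SHA256:$_expected" ]; then
    echo "fingerprint mismatch, not importing: $_actual" >&2
    return 1
  fi
  keytool -importcert -noprompt -alias "$ALIAS" -file "$_cert" \
    -keystore "$_truststore" -storepass:env TRUST_PASS
}

# Typical use (on the gateway host, then on the client):
#   export KNOX_MASTER=...; export_gateway_cert gateway.pem
#   export TRUST_PASS=...;  trust_gateway_cert gateway.pem client-trust.jks "AA:BB:..."
```

The exported PEM file can also be handed to non-Java clients that accept a CA bundle path, which keeps server validation on in dev.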