Enable SSL or HTTPS for Oozie Web UI

In this article I have tried to explain the process to setup ssl or https for oozie where I will use a self-signed certificate for initial trials setup Oozie web console access over HTTPS. Remember that the self signed certificates are not suitable for production environments.

Step 1: Create keystore file first with self signed certificate.

[oozie@m2 ~]$ keytool -genkey -keyalg RSA -alias ooziehost -keystore keystore.jks -validity 360 -keysize 2048
Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  
What is the name of your organizational unit?
  [Unknown]:  
What is the name of your organization?
  [Unknown]:  
What is the name of your City or Locality?
  [Unknown]:  
What is the name of your State or Province?
  [Unknown]:  
What is the two-letter country code for this unit?
  [Unknown]:  
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Enter key password for <ooziehost>
	(RETURN if same as keystore password):  

Step 2: Login to ambari and add the following properties to “Advance oozie-env”

export OOZIE_HTTPS_PORT=11443
export OOZIE_HTTPS_KEYSTORE_FILE=/home/oozie/keystore.jks
export OOZIE_HTTPS_KEYSTORE_PASS=bigdata

Step 3: Save and restart oozie service.

Step 4: Now launch the Oozie UI from quick links – you should be able to access the URL
https://m2.hdp22:11443/oozie/

or if you will use old url also then it will redirect you to the port 11443.

I hope it helped you to configure oozie ssl,feel free to give your valuable feedback or suggestions.


Leave a Reply