SSL Security for HttpFS

On a secure cluster, HttpFS uses the secure-by-default configuration. Use the following topics to explicitly enable custom security on HttpFS.

You also need to enable SSL if custom security is enabled.

Enabling SSL Security for HttpFS
To enable SSL security for HttpFS, you need to use ssl_keystore and ssl_truststore, which are generated automatically for a secure cluster in /opt/mapr/conf/. When using SSL on insecure clusters, you need to manually generate keystore and truststore.
Configuring Certificate-Based Authentication for HttpFS
Starting from MEP-7.1.0, configuration of certificate-based authentication for HttpFS is no longer available. To configure certificate-based authentication for HttpFS, for MEP-7.0.x, you need to make changes to the server.xml and web.xml file and restart the HttpFS server. To use this method, each client requires a client certificate issued by trusted CA.
Verifying SSL Security for HttpFS
You need to run curl commands to verify that HTTPS is enabled for HttpFS.
Enabling SSL Security for HttpFS with Credential Provider
Starting from MEP-7.1.0, you can enable SSL security for HttpFS with credential provider. The CredentialProvider API is used to separate the use of sensitive tokens, secrets, and passwords from the applications. hadoop credential create command is used to provision a password to a particular credential store provider.

Parent topic: Configuring HttpFS