SSL Certificates in Secure and Unsecure MapR Clusters

The Drill server requires an SSL certificate. The certificate can be self-signed or signed by a CA (Certificate Authority).

The sections below describe how to use SSL certificates in secure and unsecure MapR clusters.

SSL in a Secure MapR Cluster

By default, SSL is configured in a secure MapR cluster, but not enabled. In a secure cluster the keystore is configured for you. The security in a MapR cluster uses a self-signed certificate. If you have a certificate signed by a certificate authority, follow the instructions for Importing a Certificate Authority Signed (CA Signed) SSL Certificate Into a MapR Cluster and then enable and configure SSL.

To use SSL, enable the SSL option and then modify any of the available configuration options, if needed.
Note: To enable SSL for the ODBC/JDBC client to Drillbit communication path, you must enable SSL on the client side and Drillbit. See Drill Drivers for client instructions. See Configuring SSL/TLS for the Drillbit.
Note: To enable SSL for the Drill Web UI, see Configuring the Drill Web UI and Web API Security.
After you modify the configuration options, restart Drill, as shown:
$ maprcli node services -name drill-bits -action restart -nodes <node host names separated by a space>

SSL in an Unsecure MapR Cluster

Before you can enable SSL in an unsecure MapR cluster, you must either get or generate a certificate and then import the certificate into the Java keystore. You can do this using the Java keytool utility. See To Use keytool to Create a Server Certificate for instructions.

If you have a custom certificate, you can import it using the method described in Importing a Certificate Authority Signed (CA Signed) SSL Certificate Into a MapR Cluster. You may also want to reference this document.

After you generate or import a server certificate, add the path (and password) to the keystore in the SSL configuration for Drill. See Configuring SSL for information on how to update the SSL configuration.

Restart Drill after you modify the configuration options, as shown:

$ maprcli node services -name drill-bits -action restart -nodes <node host names separated by a space>