Saturday, November 09, 2013

Learned a bit - ACCUMULO - generate_monitor_certificate.sh

After learned a bit - ACCUMULO. I could monitor by http://localhost:50095/status. How to use HTTPS? It's very easy - Create Certificate and Modify accumulo-site.xml file.
Example:
[root@centos01 bin]# ./generate_monitor_certificate.sh
What is your first and last name?
  [Unknown]:  Surachart Opun
What is the name of your organizational unit?
  [Unknown]:  SO
What is the name of your organization?
  [Unknown]:  SURACHARTOPUN
What is the name of your City or Locality?
  [Unknown]:  Bangkok
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:  TH
Is CN=Surachart Opun, OU=SO, O=SURACHARTOPUN, L=Bangkok, ST=Unknown, C=TH correct?
  [no]:
What is your first and last name?
  [Surachart Opun]:
What is the name of your organizational unit?
  [SO]:
What is the name of your organization?
  [SURACHARTOPUN]:
What is the name of your City or Locality?
  [Bangkok]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [TH]:
Is CN=Surachart Opun, OU=SO, O=SURACHARTOPUN, L=Bangkok, ST=Unknown, C=TH correct?
  [no]:  y

Certificate stored in file </opt/accumulo/accumulo-1.5.0/conf/server.cer>
Owner: CN=Surachart Opun, OU=SO, O=SURACHARTOPUN, L=Bangkok, ST=Unknown, C=TH
Issuer: CN=Surachart Opun, OU=SO, O=SURACHARTOPUN, L=Bangkok, ST=Unknown, C=TH
Serial number: 2336dd54
Valid from: Sat Nov 09 14:56:00 ICT 2013 until: Fri Feb 07 14:56:00 ICT 2014
Certificate fingerprints:
         MD5:  76:C3:CC:3C:70:E9:B3:AD:83:27:45:BD:E8:6F:D0:9B
         SHA1: 27:1A:D8:B0:4D:91:A4:CF:DB:4A:3A:2D:42:CC:91:09:89:93:5A:08
         SHA256: 61:10:7D:86:9F:21:D9:79:E7:50:89:8E:AA:2E:63:1B:34:5D:8E:90:17:9C:34:05:FA:D3:C9:B9:09:8F:98:C0
         Signature algorithm name: SHA256withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 5C 9F 5D B5 AC 5F 99 11   AC C1 DF 9D E5 D9 F7 F0  \.].._..........
0010: 5B 1F 6E FD                                        [.n.
]
]

Trust this certificate? [no]:  Certificate was added to keystore
[Storing /opt/accumulo/accumulo-1.5.0/conf/cacerts.jks]

keystore and truststore generated.  now add the following to accumulo-site.xml:

    <property>
      <name>monitor.ssl.keyStore</name>
      <value>/opt/accumulo/accumulo-1.5.0/conf/keystore.jks</value>
    </property>
    <property>
      <name>monitor.ssl.keyStorePassword</name>
      <value>#@#@#@!##@$</value>
    </property>
    <property>
      <name>monitor.ssl.trustStore</name>
      <value>/opt/accumulo/accumulo-1.5.0/conf/cacerts.jks</value>
    </property>
    <property>
      <name>monitor.ssl.trustStorePassword</name>
      <value>@##@#!#@#@</value>
    </property>

[root@centos01 bin]# vi ../conf/accumulo-site.xml
[root@centos01 bin]# ./accumulo monitor &
[1] 20151
[root@centos01 bin]#
Now! be able to use HTTPS -  https://localhost:50095/status
Note: You can not use HTTP - https://localhost:50095/status  anymore.

Related Post:
Learned a bit - ACCUMULO

No comments: