Configuring Your Scheduler for SSL

Your scheduler requires a trust store, key store and launch parameters to use SSL.

Create a Trust Store and and Key Store on Your Scheduler

You must create a trust store and key store on your scheduler.

  1. Create a trust store on your scheduler by importing your certificate. The following example shows a typical trust store command.
    keytool -keystore schedulername.truststore.jks -alias caroot -import -file ca-cert			
  2. Create a key store on your scheduler, as shown in the following example. The following example shows a typical series of key store commands.
    keytool -keystore schedulername.keystore.jks -alias vsched -validity 365 -keyalg RSA –genkey
    keytool -keystore schedulername.keystore.jks -alias vsched -certreq -file cert-file
    openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365
    keytool -keystore schedulername.keystore.jks -alias caroot -import -file ca-cert
    keytool -keystore schedulername.keystore.jks -alias vsched -import -file cert-signed

Launch Your Scheduler with SSL Enabled

When you launch your scheduler, you must include SSL parameters to enable SSL support. For more information on scheduler utility parameters, refer to Scheduler Utility Options.

The following example shows a launch command including all the required SSL parameters

/opt/vertica/packages/kafka/bin/vkconfig launch --enable-SSL true
--ssl-ca-alias authenticcert --ssl-key-alias ourkey --ssl-key-password secret