See http://druid.io/docs/0.11.0-rc2/operations/tls-support.html for reference docs.
Quick start:
- Add "simple-client-sslcontext" to druid.extensions.loadList in common.runtime.properties.
- Add the properties below to common.runtime.properties.
- For local testing, create a new self-signed certificate using the following command (but for production you should use a real certificate signed by a CA). Note that with these certificates the important part is the CN, which must match the hostname of your server. The command for testing purposes is: openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 -out cert.pem
- Create pkcs12 bundle with: openssl pkcs12 -inkey key.pem -in cert.pem -export -out key.p12 -name druid
- Create keystore: keytool -importkeystore -destkeystore imply-keystore.jks -srckeystore key.p12 -srcstoretype PKCS12
- Create truststore: keytool -import -alias druid -file cert.pem -keystore imply-truststore.jks
Properties for common.runtime.properties:
druid.enablePlaintextPort=false
druid.enableTlsPort=true
druid.server.https.keyStoreType=jks
druid.server.https.keyStorePath=imply-keystore.jks
druid.server.https.keyStorePassword=imply123 # replace with your own password
druid.server.https.certAlias=druid
druid.client.https.protocol=TLSv1.2
druid.client.https.trustStoreType=jks
druid.client.https.trustStorePath=imply-truststore.jks
druid.client.https.trustStorePassword=imply123 # replace with your own password
which path I need to keep imply-keystore.jks in my linux, i get exception: Error in custom provider, java.lang.RuntimeException: java.nio.file.NoSuchFileException: truststore.jks # replace with correct turstStore file