Java

SSL

This is required for self-signed or internally signed certificates. Another option is to change cacerts for the Java installation.

Add Certificate to a Truststore

openssl s_client -showcerts -connect ${SSLHOST}:${SSLPORT} </dev/null 2>/dev/null > ${SSLHOST}.crt
keytool -import -keystore ${TRUSTSTORE_PATH}.jks -file ${SSLHOST}.crt -storepass ${TRUSTSTORE_PASSWORD} -alias $SSLHOST -noprompt
rm ${SSLHOST}.crt

Use Truststore

java \
  ... \
  -Djavax.net.ssl.trustStore=${TRUSTSTORE_PATH}.jks \
  -Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWORD} \
  ... \
  MainClass \
  Args...

Kerberos

java \
  ... \
  -Djava.security.auth.login.config=PATH_TO_JAAS.conf  \
  ... \
  MainClass \
  Args...

JAAS

• https://docs.oracle.com/javase/8/docs/technotes/guides/security/jaas/JAASRefGuide.html
• https://steveloughran.gitbooks.io/kerberos_and_hadoop/content/sections/jaas.html

Ticket Cache

Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useTicketCache=true;
};

Keytab

Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useTicketCache=false
  useKeyTab=true
  principal="[email protected]"
  keyTab="PATH_TO_KEYTAB.keytab"
  renewTicket=true
  storeKey=true;
};