Configuring MapR for HTTPS Upload to S3
About this task
By default, MapR only trusts its own self-signed certificates. To configure
MapR to trust the certificates used by AWS S3 for HTTPS upload, you must
configure additional trusted certificates. Add one of the
following to the /opt/mapr/conf/ssl_truststore
file on
every node in the cluster:
- The actual certificate used by the S3 endpoints you are using
- A signer of the actual certificate used by the S3 endpoints you are using
- A certificate higher in the trust chain that ultimately does sign the
certificate for the S3 endpointNOTE: Currently, the root certificate used by AWS S3 is the Baltimore CyberTrust root certificate provided by Digicert.
The following instructions are based on the assumption that you are adding the root certificate (known as the Baltimore CyberTrust root) provided by Digicert with a fingerprint of D4DE20D05E66FC53FE1A50882C78DB2852CAE474 and an expiration date of May 12, 2025. You can also add other certificates to the truststore.
Procedure
-
Download the Baltimore CyberTrust root certificate from the URL
specified by Digicert, as in the following example:
# cd /tmp # wget https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt
-
Add the certificate to the MapR truststore.