Understanding the Key Store and Trust Store Files

Provides a comprehensive listing of the key store and trust store files.

Key Stores and Trust Stores in Release 6.1.0

The following files are generated by running configure.sh -dare -genkeys on a CLDB node. Alternatively, you can generate them by running the manageSSLKeys.sh script. The ssl_keystore, ssl_keystore.p12, ssl_keystore.pem, ssl_truststore, ssl_truststore.p12, and ssl_truststore.pem files are also generated during installation of the Web server, even if you did not enable security. For more information, see Enabling Security.

cldb.key: Location: /opt/mapr/conf; Description: The CLDB key file. This file must exist on all CLDB nodes and be identical.
dare.master.key: Location: /opt/mapr/conf; Description: The key file that enables data-at-rest encryption. The dare.master.key file is generated only if data-at-rest encryption is enabled on the cluster. This file must be copied to all the nodes with the CLDB service installed.
maprserverticket: Location: /opt/mapr/conf; Description: The server ticket. This file must exist on all cluster nodes and be identical.
ssl-client.xml: Location (symlink): /opt/mapr/conf; Location (file): ${MAPR_HOME}/hadoop/hadoop-<version>/etc/hadoop/ssl-client.xml; Description: Contains the SSL configuration for the client in XML format.
ssl_keystore: Location: /opt/mapr/conf; Description: This file is needed on all nodes where the webserver is running.
ssl_keystore.p12: Location: /opt/mapr/conf; Description: When upgrading from MapR Core 5.2.2 or Core 6.0.x to MapR 6.1 or later, create the ssl_keystore.p12 and ssl_truststore.p12 files. Copy them to the /opt/mapr/conf directory on all nodes in the cluster. The .p12 files are required to generate the .pem files needed by Grafana and the Data Access Gateway. This step is necessary only for manual upgrades.
ssl_keystore.pem: Location: /opt/mapr/conf; Description: When upgrading from MapR Core 5.2.2 or Core 6.0.x to MapR 6.1 or later, create the ssl_truststore.pem and ssl_keystore.pem files. Copy them to the /opt/mapr/conf directory on all nodes in the cluster. The Data Access Gateway, Grafana, and Hue components use these files. This step is necessary only for manual upgrades.
ssl-server.xml: Location (symlink): /opt/mapr/conf; Location (file): ${MAPR_HOME}/hadoop/hadoop-<version>/etc/hadoop/ssl-server.xml; Description: Contains the SSL configuration for the server in XML format.
ssl_truststore: Location: /opt/mapr/conf; Description: contains the certificates required by nodes initiating communication over TLS.
ssl_truststore.p12: Location: /opt/mapr/conf; Description: When upgrading from MapR Core 5.2.2 or Core 6.0.x to MapR 6.1 or later, create the ssl_keystore.p12 and ssl_truststore.p12 files, and copy them to the /opt/mapr/conf directory on all nodes in the cluster. The .p12 files are required to generate the .pem files needed by Grafana and the Data Access Gateway. This step is necessary only for manual upgrades.
ssl_truststore.pem: Location: /opt/mapr/conf; Description: When upgrading from MapR Core 5.2.2 or Core 6.0.x to MapR 6.1 or later, create the ssl_truststore.pem and ssl_keystore.pem files. Copy them to the /opt/mapr/conf directory on all nodes in the cluster. The Data Access Gateway, Grafana, and Hue components use these files. This step is necessary only for manual upgrades.