Hi all,
I authored a blog post after digging into how to use openssl and keytool
(after some help from Billie and Michael Berman) to generate the proper
certificates stored in Java KeyStores, for Accumulo to configure the
Thrift servers to run over SSL. At a high level, the steps create a
certificate authority, and then use that to generate certs for
clients/servers, and then load them into Java KeyStores for consumption.
I just finished this up, so I'm not too worried about grammar at this
point, but I am very concerned about advertising something that is
inherently insecure. Any information about where I'm doing something
"bad", and what should be done instead, would be *greatly* appreciated.
For those with a blogs/roller account, check out[1], and for everyone
else, use [2].
Thanks everyone!
- Josh
[1]
https://blogs.apache.org/roller-ui/authoring/preview/accumulo/?previewEntry=generating_keystores_for_configuring_accumulo
[2] http://people.apache.org/~elserj/ssl-blog.html
