Hi Mohammad -

This is not at all recommended for production deployments.
You can turn it off with a param in gateway-site.xml called ssl.enabled -
set it to false and you don't need it for dev.

Alternatively, you can generally provide some client-side setting to not
validate the server cert for dev environments.
This allows you to continue to have wire encryption though you don't have
the assurance that you are talking to the actual server that you expect. In
dev, this is less of a concern.

You can also use keytool or Portecle or some other tooling to export the
public cert for the gateway from
{GATEWAY_HOME}/data/security/keystores/gateway.jks. The alias is
gateway-identity and the keystore password is your Knox master secret that
you provided at startup, to the knoxcli create-master command or through
Ambari.

You can then add that public cert to your client-specific truststore, etc.

HTH,

--larry

On Wed, Oct 26, 2016 at 3:12 PM, Mohammad Islam <[email protected]> wrote:

> Hi,
> Currently Knox gateway service is defaulted to "https" protocol. Is there
> a way to turn it off and make it "http" for dev purpose?
>
> I'm getting the error "certificate signed by unknown authority" for some
> of the https accesses.
>
> Alternatively, is there a quick way of getting self-signed certificate for
> dev and testing purpose?
>
> Regards,
> Mohammad

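The export-and-trust steps from the reply above, as an added shell example that is not part of the original thread or of the Knox project. The environment variables GATEWAY_HOME, KNOX_MASTER_SECRET and TRUSTSTORE_PASS and the file names gateway.pem and dev-truststore.jks are assumptions; the keystore path and alias are the ones given in the reply.

```shell
#!/bin/sh
# Added example: trust the Knox gateway's self-signed certificate on a dev
# client instead of turning off TLS or certificate validation.
set -eu

KEYTOOL="${KEYTOOL:-keytool}"      # overridable so the steps can be dry-run
GATEWAY_ALIAS="gateway-identity"   # alias named in the reply

# Export only the public certificate (PEM, -rfc) from the gateway keystore.
# $1 = gateway home directory, $2 = output PEM file.
# The keystore password (the Knox master secret) is taken from the assumed
# environment variable KNOX_MASTER_SECRET, so it stays off the command line.
export_gateway_cert() {
  "$KEYTOOL" -exportcert -rfc \
    -alias "$GATEWAY_ALIAS" \
    -keystore "$1/data/security/keystores/gateway.jks" \
    -storepass:env KNOX_MASTER_SECRET \
    -file "$2"
}

# Print the certificate's subject and fingerprints, to compare against the
# gateway host's own copy before trusting it. $1 = PEM file.
show_fingerprint() {
  "$KEYTOOL" -printcert -file "$1"
}

# Add the certificate as a trusted entry in a client truststore, which
# keytool creates if it does not exist. $1 = PEM file, $2 = truststore file.
# TRUSTSTORE_PASS is an assumed environment variable.
import_into_truststore() {
  "$KEYTOOL" -importcert -noprompt \
    -alias "$GATEWAY_ALIAS" \
    -file "$1" \
    -keystore "$2" \
    -storepass:env TRUSTSTORE_PASS
}

# Run the whole procedure only when GATEWAY_HOME (assumed variable) is set.
if [ -n "${GATEWAY_HOME:-}" ]; then
  export_gateway_cert "$GATEWAY_HOME" gateway.pem
  show_fingerprint gateway.pem
  import_into_truststore gateway.pem dev-truststore.jks
fi
```

Clients that accept a PEM CA file can be pointed at the exported gateway.pem directly, without building a JKS truststore.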