TLS/SSL

BDD can be installed on Hadoop clusters secured with TLS/SSL.

TLS/SSL can be configured for specific Hadoop services in Hadoop clusters. When it is enabled, all communication between the services that use it is encrypted. If your cluster has TLS/SSL enabled, BDD can be set up to encrypt its communications with Hadoop.

If your Hadoop cluster has TLS/SSL enabled, verify that your system meets the following requirements:
  • Kerberos is enabled for both Hadoop and BDD. Note that this isn't required, but is strongly recommended. For more information, see Kerberos.
  • TLS/SSL is enabled in your Hadoop cluster for the HDFS, YARN, Hive, and/or Key Management Server (KMS) services.
  • The KMS service is installed and configured. You should have already done this as part of enabling TLS/SSL in your Hadoop cluster.

To enable BDD to run on a Hadoop cluster secured with TLS/SSL:

  1. Export the public key certificates for all nodes running TLS/SSL-enabled HDFS, YARN, Hive, and/or KMS.
    You can do this with the following command:
    keytool -exportcert -alias <alias> -keystore <keystore_filename> -file <export_filename>
    Where:
    • <alias> is the certificate's alias.
    • <keystore_filename> is the absolute path to your keystore file. You can find this in Cloudera Manager or Ambari.
    • <export_filename> is the name of the file you want to export the certificate to.
  2. Copy the exported certificates to a single directory on the install machine.
  3. Verify that the password for $JAVA_HOME/jre/lib/security/cacerts is set to the default, changeit.
    This is required by the installer. If it has been changed, be sure to set it back to the default.
When the installer runs, it imports the certificates to the custom truststore file, then copies the truststore to $BDD_HOME/common/security/cacerts on all BDD nodes.
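
A pre-flight check for steps 2 and 3, added here as an example and not part of the BDD installer or its documentation. It confirms that each file in the certificate directory has the shape of an exported certificate, prints its SHA-256 fingerprint so it can be compared with what keytool reports on the source node, and tests the cacerts password. The function names and the directory path are assumptions.

```shell
#!/bin/sh
# Added example, not part of the BDD installer. Function names are illustrative.

# Emit the certificate's DER bytes. keytool -exportcert writes binary DER by
# default and PEM with -rfc; assumes one certificate per file.
cert_der() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        tr -d '\r' < "$1" | grep -v -- '-----' | base64 -d
    else
        cat "$1"
    fi
}

# True if the data starts with 0x30, the DER SEQUENCE tag that opens every
# X.509 certificate. A structural check only, not a full parse.
looks_like_cert() {
    [ "$(cert_der "$1" 2>/dev/null | od -An -tx1 -N1 | tr -d ' \n')" = "30" ]
}

# SHA-256 fingerprint, colon-separated upper case as keytool displays it.
cert_fingerprint() {
    cert_der "$1" | sha256sum | cut -d' ' -f1 | tr 'a-f' 'A-F' |
        sed 's/../&:/g; s/:$//'
}

# Step 2: report every file in the directory; non-zero if any is not a cert.
check_cert_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if looks_like_cert "$f"; then
            printf '%s  %s\n' "$(cert_fingerprint "$f")" "$f"
        else
            printf 'NOT A CERTIFICATE  %s\n' "$f" >&2
            rc=1
        fi
    done
    return $rc
}

# Step 3: keytool rejects a wrong -storepass, so the exit status is the answer.
cacerts_has_default_password() {
    keytool -list -keystore "$JAVA_HOME/jre/lib/security/cacerts" \
        -storepass changeit >/dev/null 2>&1
}

# Usage: check_cert_dir /path/to/exported_certs && cacerts_has_default_password
```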