Setting Custom TrustStore

This topic describes how to set custom trustStore for SSL encryption using Livy.

A Java trustStore is a repository to store the certificates from Certified Authorities (CA). CA verifies the certificate presented by the server in an SSL connection.

Add the following configuration options to set the custom trustStore during Livy session creation.
curl -k \
    -X POST \
    -H "Content-Type:application/json" \
    -d '{"className": "com.mapr.example", "file": "maprfs:///user/mapr/<example>.jar",
     "args": [
            "<args>"
        ],
     "conf":{
              .....
              "spark.driver.extraJavaOptions": "-Djavax.net.ssl.trustStore=<path-to-java-cacerts-file>",
              "spark.executor.extraJavaOptions": "-Djavax.net.ssl.trustStore=<path-to-java-cacerts-file>",
              .....        }    }' \
    -u "user:password" \
    https://<livy_url>/batches 
NOTE
The default Java trustStore is /etc/pki/java/cacerts. For example:
curl -k \
    -X POST \
    -H "Content-Type:application/json" \
    -d '{"className": "com.mapr.example", "file": "maprfs:///user/mapr/<example>.jar",
     "args": [
            "<args>"
        ],
     "conf":{
              .....
              "spark.driver.extraJavaOptions": "-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts",
              "spark.executor.extraJavaOptions": "-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts",
              .....        }    }' \
    -u "user:password" \
    https://<livy_url>/batches 
However, you can modify the path for the trustStore.

To install the custom certificate, see Secret Mangement.