Enable SSL in Dremio

Hi everyone,
I want to enable SSL in my Dremio configuration. On that note, I first used the auto-generated certificate option which worked fined. However, as I couldn’t extract the .crt file from the keystore, since I can’t find the default password, I manually created a new keystore and modified the dremio.conf according the instructions

services: {
  coordinator.enabled: true,
  coordinator.web.ssl.enabled: true,
  coordinator.web.ssl.keyStore: "/opt/dremio/mycerts/dremio/dremio.keystore",
  coordinator.web.ssl.keyStorePassword: "XXXXX",
  coordinator.web.ssl.trustStore: "/opt/java/openjdk/lib/security/cacerts",
  coordinator.web.ssl.trustStorePassword: "XXXXX",
  coordinator.master.enabled: true,
  executor.enabled: true,
  flight.use_session_service: true
}

However, I still see that Dremio is using the auto-generated certificate instead of the manually created one. I checked the paths and they are all correct. According to the documentation changing those settings should prevent Dremio from auto-generating certificates.

Thanks for any help!

@Makdak26 Did you do a restart of Dremio and made sure it used the dremio.conf you modified?

Hi @balaji.ramaswamy, thank you for your reply.

In the end, going through the documentation of Configuration via dremio.conf, I saw that I had to manually set the services.coordinator.web.ssl.auto-certificate.enabled to false.

Looking only at the documentation of Enabling HTTPS I thought that this would be done automatically after changing the other setting, but apparently I had to manually change it.

If I understand correctly, to also use the JDBC Arrow Flight SQL (with Spark) with SSL enabled, I need to have the Enterprise option of Dremio? This was found in Encryption for JDBC Clients and Power BI Clients That Use the Legacy ODBC Drive in Configuring Wire Encryption

@Makdak26 Yes it is an enterprise edition only feature