Skip to main content

Simple SSLContext Provider Module

This Apache Druid module contains a simple implementation of SSLContext that will be injected to be used with HttpClient that Druid processes use internally to communicate with each other. To learn more about Java's SSL support, please refer to this guide.

PropertyDescriptionDefaultRequired
druid.client.https.protocolSSL protocol to use.TLSv1.2no
druid.client.https.trustStoreTypeThe type of the key store where trusted root certificates are stored.java.security.KeyStore.getDefaultType()no
druid.client.https.trustStorePathThe file path or URL of the TLS/SSL Key store where trusted root certificates are stored.noneyes
druid.client.https.trustStoreAlgorithmAlgorithm to be used by TrustManager to validate certificate chainsjavax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()no
druid.client.https.trustStorePasswordThe Password Provider or String password for the Trust Store.noneyes

The following table contains optional parameters for supporting client certificate authentication:

PropertyDescriptionDefaultRequired
druid.client.https.keyStorePathThe file path or URL of the TLS/SSL Key store containing the client certificate that Druid will use when communicating with other Druid services. If this is null, the other properties in this table are ignored.noneyes
druid.client.https.keyStoreTypeThe type of the key store.noneyes
druid.client.https.certAliasAlias of TLS client certificate in the keystore.noneyes
druid.client.https.keyStorePasswordThe Password Provider or String password for the Key Store.noneno
druid.client.https.keyManagerFactoryAlgorithmAlgorithm to use for creating KeyManager, more details here.javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm()no
druid.client.https.keyManagerPasswordThe Password Provider or String password for the Key Manager.noneno
druid.client.https.validateHostnamesValidate the hostname of the server. This should not be disabled unless you are using custom TLS certificate checks and know that standard hostname validation is not needed.trueno

This document lists all the possible values for the above mentioned configs among others provided by Java implementation.