See http://druid.io/docs/0.11.0-rc2/operations/tls-support.html for reference docs.
Quick start:
- Add "simple-client-sslcontext" to druid.extensions.loadList in common.runtime.properties.
- Add the properties below to common.runtime.properties.
- For local testing, create a new self-signed certificate using the following command (but for production you should use a real certificate signed by a CA). Note that with these certificates the important part is the CN, which must match the hostname of your server. The command for testing purposes is: openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 -out cert.pem
- Create pkcs12 bundle with: openssl pkcs12 -inkey key.pem -in cert.pem -export -out key.p12 -name druid
- Create keystore: keytool -importkeystore -destkeystore imply-keystore.jks -srckeystore key.p12 -srcstoretype PKCS12
- Create truststore: keytool -import -alias druid -file cert.pem -keystore imply-truststore.jks
Properties for common.runtime.properties:
druid.enablePlaintextPort=false
druid.enableTlsPort=true
druid.server.https.keyStoreType=jks
druid.server.https.keyStorePath=imply-keystore.jks
# replace with your own password
druid.server.https.keyStorePassword=imply123
druid.server.https.certAlias=druid
druid.client.https.protocol=TLSv1.2
druid.client.https.trustStoreType=jks
druid.client.https.trustStorePath=imply-truststore.jks
# replace with your own password
druid.client.https.trustStorePassword=imply123
You can use an absolute path or a path relative to the Druid root path.
The solution is that the "# replace with correct turstStore file" comment string after the config item should be removed.
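In Java .properties syntax a "#" starts a comment only at the beginning of a line, so text placed after a value is loaded as part of that value (a password or a keystore path that then fails to match). The check below is an added example, not code from this thread or from the Druid project: it assumes runtime.properties is read with java.util.Properties rules, ignores backslash escapes and line continuations, and its function names and sample file are constructed for illustration.

```python
import re

# Constructed sample in the style of common.runtime.properties (not a real deployment file).
SAMPLE = """\
# TLS settings
druid.enableTlsPort=true
druid.server.https.keyStorePassword=imply123 # replace with your own password
druid.client.https.trustStorePath=imply-truststore.jks
  ! alternate comment marker
druid.client.https.trustStorePassword = changeit  # inline
druid.server.https.certAlias=druid#1
"""

# The key ends at the first '=', ':' or whitespace; the rest of the line is the value.
_ENTRY = re.compile(r"^\s*([^\s=:]*)\s*[=:]?\s*(.*)$")
# '#' or '!' preceded by whitespace inside a value: almost always an intended comment.
_INLINE = re.compile(r"\s+[#!].*$")


def parse_properties(text):
    """Return [(lineno, key, value)] as a java.util.Properties-style loader sees them.
    Simplification (assumption): no backslash escapes or line continuations."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.lstrip()
        if not stripped or stripped[0] in "#!":
            continue  # only a leading '#' or '!' makes the line a comment
        m = _ENTRY.match(raw)
        entries.append((lineno, m.group(1), m.group(2)))
    return entries


def find_inline_comments(text):
    """Return [(lineno, key, effective_value, probable_intended_value)]."""
    findings = []
    for lineno, key, value in parse_properties(text):
        m = _INLINE.search(value)
        if m:
            findings.append((lineno, key, value, value[:m.start()]))
    return findings


if __name__ == "__main__":
    for lineno, key, actual, intended in find_inline_comments(SAMPLE):
        print(f"line {lineno}: {key} is loaded as {actual!r}, probably meant {intended!r}")
```

A "#" with no whitespace before it, as in the constructed certAlias line, is left alone because it can be a legitimate part of a value.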