In this recipe, you will learn how to enable SSL for Marathon to protect against eavesdropping on Marathon communication.
First, we need to create a place for our Java keystore:
mkdir -p /etc/marathon/ssl
cd /etc/marathon/ssl
Then, put the keystore password into the MARATHON_SSL_KEYSTORE_PASSWORD environment variable. We will need it later:
Generate the keystore. In this example, we will use self-signed certificates, but if you can issue an organization-wide trusted certificate, it would be better to use that. With self-signed certificates, most browsers will mark the Marathon UI and API as dangerous, and there is a chance that somebody will mount a man-in-the-middle attack:
keytool -keystore marathon.jks -deststorepass "$MARATHON_SSL_KEYSTORE_PASSWORD" -alias marathon -genkey -keyalg RSA
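
One way to script the keystore steps above so that the password stays out of the process list and clients can verify the self-signed certificate instead of skipping validation. This is an added example, not part of the original recipe; the hostname, port, key size, 365-day validity and the `marathon.pem` file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original recipe. Hostname, validity and the
# marathon.pem name are assumptions; the password variable is the recipe's.

# make_keystore DIR HOSTNAME: create DIR/marathon.jks and DIR/marathon.pem.
make_keystore() {
    dir=$1 host=$2
    pw=${MARATHON_SSL_KEYSTORE_PASSWORD:-}
    # keytool rejects passwords shorter than 6 characters, so fail early.
    [ "${#pw}" -ge 6 ] || {
        echo "MARATHON_SSL_KEYSTORE_PASSWORD unset or too short" >&2
        return 2
    }
    export MARATHON_SSL_KEYSTORE_PASSWORD
    (
        umask 077    # the keystore holds the private key: owner-only access
        mkdir -p "$dir" && cd "$dir" || exit 1
        # The :env modifier makes keytool read the password from the named
        # environment variable, so it never appears on the command line.
        keytool -genkeypair -keystore marathon.jks -alias marathon \
            -keyalg RSA -keysize 2048 -validity 365 \
            -dname "CN=$host" -ext "SAN=dns:$host" \
            -storepass:env MARATHON_SSL_KEYSTORE_PASSWORD \
            -keypass:env MARATHON_SSL_KEYSTORE_PASSWORD || exit 1
        # Export only the public certificate; this is what clients trust.
        keytool -exportcert -rfc -keystore marathon.jks -alias marathon \
            -storepass:env MARATHON_SSL_KEYSTORE_PASSWORD -file marathon.pem
    )
}

# cert_sha256 FILE: print the SHA-256 fingerprint for out-of-band comparison.
cert_sha256() {
    keytool -printcert -file "$1" | sed -n 's/^.*SHA256: *//p'
}

# Usage (host and port are placeholders):
#   make_keystore /etc/marathon/ssl marathon.example.internal
#   cert_sha256 /etc/marathon/ssl/marathon.pem
#   curl --cacert /etc/marathon/ssl/marathon.pem https://marathon.example.internal:8443/
```

Distribute `marathon.pem` to clients over a trusted channel and compare the fingerprint on both ends; a client that pins this certificate will reject a substituted one.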