By default HDFS, Yarn, MapReduce Hadoop web interfaces are not “Kerberized”. In IOP, access to Hadoop web interfaces is through Apache Knox. Apache Knox is a very powerful proxy optimized for Hadoop components access. Without Knox Apache we would need to access Hadoop web interfaces directly without any authentication protection. To turn such authentication protection end-to-end it is necessary to enable Kerberos in the Hadoop Web interfaces.
This blog summarizes IOP 4.2 components that support SSL along with configurations necessary to enable ssl for each service. Each service will expect SSL certificate to be installed on the host. Some basic informartion on SSL certificates is included here.