On this page

    Securing Dremio UI

    Enabling HTTPS on Dremio’s web server

    Add the following parameter to dremio.conf on your coordinator nodes:

    services.coordinator.web.ssl.enabled: true

    This will automatically generate a self-signed certificated. Go to https://<DREMIO_COORDINATOR>:9047.


    Using a self-signed certificate in production is not recommended for security reasons. Most browsers will also warn users when loading the UI in this mode.

    Custom SSL keyStore and trustStore settings

    Custom SSL keyStore and trustStore can be set using dremio.conf file. If the following are set Dremio will not auto-generate a self-signed certificate.


    In Dremio 24+, the following properties in dremio.conf can be encrypted using the dremio-admin encrypt CLI command:

    • keyStorePassword

    • trustStorePassword

    services.coordinator.web.ssl.keyStore: "path/to/keystore/jks/file",
    services.coordinator.web.ssl.keyStorePassword: "keyStorePassword",
    services.coordinator.web.ssl.trustStore: "path/to/trustStore", (Optional)
    services.coordinator.web.ssl.trustStorePassword: "trustStorePassword" (Optional)