Reply
Highlighted
Explorer
Posts: 20
Registered: ‎03-19-2018
Accepted Solution

Clarification on TLS/SSL - Level-3

i did not mentioned any passphrase while generating the TLS Private key and the Certificates has been issued by the CA Team

As the document states to set client_keypw_file with the password of Private key.

what steps do i need to take in this case ?

 

Reference Link
https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cm_sg_config_tls_agent_auth.html#conc...

Expert Contributor
Posts: 92
Registered: ‎01-08-2018

Re: Clarification on TLS/SSL - Level-3

You can add a password into your private key file.

Suppose that you private key file is test.pem. Its contents should be like:

-----BEGIN PRIVATE KEY-----
.
.
.
-----END PRIVATE KEY-----

or

 

-----BEGIN RSA PRIVATE KEY-----
.
.
.
-----END RSA PRIVATE KEY-----

 

Run the following command

$ openssl rsa -des3 -in test.pem -out test1.pem -passout pass:test

 

This command will create the test1.pem file which is protected by password. Its contents will be similar to :

 

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3716DAF995B742A4

.
.
.
-----END RSA PRIVATE KEY-----

 

Explorer
Posts: 20
Registered: ‎03-19-2018

Re: Clarification on TLS/SSL - Level-3

[ Edited ]

But woudn't this would have an impact on the certificate already being generated from CA Team ?

As the private key changes .crt file would also change right ? in that case Cloudera TLS/SSL -level 3 configuration may not work 

 

It's just an thought process , please clarify

 

 

Expert Contributor
Posts: 92
Registered: ‎01-08-2018

Re: Clarification on TLS/SSL - Level-3

There should be no impact. It is the same private key. You just encrypt it
with a password.
Explorer
Posts: 20
Registered: ‎03-19-2018

Re: Clarification on TLS/SSL - Level-3

Awesome ..you are right , i have successfully enabled TLS/SSL with Level -3 encryption

Thank you @GeKas for all your inputs
Announcements