02-10-2016 06:02 AM - last edited on 11-08-2016 08:54 AM by cjervis
Related to Kerberos AA activation, CDH docs recommend using TLS security for communication between CM and node agents. Using private CA or self-signed certs are both viable options, and I thinks it's clear why the first one is recommended for use. However, let's say we're building a CDH platform which will only communicate via some internal, non-public network (a company's Intranet, for example). Do you think that a self-signed cert presents a satisfiable security level for that kind of an environment? What are your thoughts on this?
02-11-2016 11:53 AM
The level of security for data flow through tunnel is more or less same. But self-signed has no identity of owner/CA to it & private key will be shared with 3rd party.
If your scenario is limited to INTERNAL only then you can go self-signed route.
I hope that helps.
02-12-2016 09:07 AM