Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Clarification on TLS/SSL - Level-3

avatar
author-rank Johnny_Bach
Contributor

Created on ‎04-17-2018 10:31 PM - edited ‎09-16-2022 06:06 AM

i did not mentioned any passphrase while generating the TLS Private key and the Certificates has been issued by the CA Team

As the document states to set client_keypw_file with the password of Private key.

what steps do i need to take in this case ?

 

Reference Link
https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cm_sg_config_tls_agent_auth.html#conc...

3,962 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank GeKas
Super Collaborator

Created ‎04-18-2018 02:42 AM

You can add a password into your private key file.

Suppose that you private key file is test.pem. Its contents should be like:

-----BEGIN PRIVATE KEY-----
.
.
.
-----END PRIVATE KEY-----

or

 

-----BEGIN RSA PRIVATE KEY-----
.
.
.
-----END RSA PRIVATE KEY-----

 

Run the following command

$ openssl rsa -des3 -in test.pem -out test1.pem -passout pass:test

 

This command will create the test1.pem file which is protected by password. Its contents will be similar to :

 

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3716DAF995B742A4

.
.
.
-----END RSA PRIVATE KEY-----

 

View solution in original post

3,945 Views
0 Kudos
4 REPLIES 4

avatar
author-rank GeKas
Super Collaborator

Created ‎04-18-2018 02:42 AM

You can add a password into your private key file.

Suppose that you private key file is test.pem. Its contents should be like:

-----BEGIN PRIVATE KEY-----
.
.
.
-----END PRIVATE KEY-----

or

 

-----BEGIN RSA PRIVATE KEY-----
.
.
.
-----END RSA PRIVATE KEY-----

 

Run the following command

$ openssl rsa -des3 -in test.pem -out test1.pem -passout pass:test

 

This command will create the test1.pem file which is protected by password. Its contents will be similar to :

 

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3716DAF995B742A4

.
.
.
-----END RSA PRIVATE KEY-----

 

3,946 Views
0 Kudos

avatar
author-rank Johnny_Bach
Contributor

Created on ‎04-18-2018 06:04 AM - edited ‎04-18-2018 06:05 AM

But woudn't this would have an impact on the certificate already being generated from CA Team ?

As the private key changes .crt file would also change right ? in that case Cloudera TLS/SSL -level 3 configuration may not work 

 

It's just an thought process , please clarify

 

 

3,930 Views
0 Kudos

avatar
author-rank GeKas
Super Collaborator

Created ‎04-18-2018 06:11 AM

There should be no impact. It is the same private key. You just encrypt it
with a password.
3,926 Views
0 Kudos

avatar
author-rank Johnny_Bach
Contributor

Created ‎04-18-2018 07:57 AM

Awesome ..you are right , i have successfully enabled TLS/SSL with Level -3 encryption

Thank you @GeKas for all your inputs
3,915 Views
0 Kudos
Announcements
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
What's New @ Cloudera
Announcing Cloudera Data Services 1.5.5 SP2: AI Inference an...
What's New @ Cloudera
Announcing Cloudera Streams Messaging Operator for Kubernete...
View More Announcements