Hi Lwang, I just wanna follow up from the previous post/reply you made about not being able to disable the auto TLS. Is starting from scratch still the case, or is there an easier route? I would really like to add my custom certs without starting the cluster from the beginning.
Starting with Cloudera Manager 6.2, you can enable auto-TLS on existing deployments. For instructions on enabling auto-TLS as part of a new installation, see the installation guide.
Hi @Onedile ,
Thanks for reaching out.
There is currently no easy way to disable TLS with the certmanager tool once it has been set up. We have an internal JIRA #OPSAPS-49587 titled "No way to disable Auto-TLS/certmanager after setup" and currently the jira is still open.
However, there is a knowledge article which explains steps on how to "Update/Renew CA and Certificates used by Cloudera Manager created with Director Auto-TLS". Hope this may be a little bit helpful to you.
To undo the AUTO-TLS:
1) Remove TLS configuration from CDH Component configurations - restart CDH
2) In CM Administration - Search for TLS and SSL and clear all TLS / SSL related config.
3) Remove TLS config from agents - In the agent /etc/cloudera-scm-agent/config.ini, there's use_tls which must be set to 0, as well as Auto-TLS lines at the end of the file which must be removed/commented out. Also comment out the cert, trust, and password file settings in the agent config.ini as well.
4) On the CM Server, edit /etc/default/cloudera-scm-server
Remove / comment out the following lines (# at beginning of line comments out):
Automatically added block below. Do Not edit. AUTOGEN-BLOCK-BEGIN-FGJqR8zvlo9SZ2rlDDp7
export CMF_SERVER_ARGS="$CMF_SERVER_ARGS -i /var/lib/cloudera-scm-server/certmanager/cm_init.txt"
5) Restart CM/Agents
Auto-TLS should be fully disabled and the cluster should no longer be on TLS.
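A read-only check for steps 3 and 4 of the procedure above, added here as an example and not part of the original post or of Cloudera's tooling. The function names and the key-name pattern used to spot leftover cert, trust and password settings are assumptions; the two file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: read-only check of steps 3 and 4. Nothing is modified.
# Usage: sh check_autotls_off.sh /etc/cloudera-scm-agent/config.ini \
#                                /etc/default/cloudera-scm-server

# Value of the last uncommented use_tls assignment (empty if none).
agent_use_tls() {
    sed -n 's/^[[:space:]]*use_tls[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*/\1/p' "$1" | tail -n 1
}

# Uncommented settings whose key name suggests a cert, key, trust or password
# file. The name pattern is a heuristic assumed here, not an official key list.
agent_tls_leftovers() {
    grep -nE '^[[:space:]]*[A-Za-z0-9_]*(cert|key|trust|pw)[A-Za-z0-9_]*[[:space:]]*=' "$1"
}

# Uncommented lines in the server defaults file that still pass cm_init.txt.
server_autotls_lines() {
    grep -nE '^[[:space:]]*[^#[:space:]].*certmanager/cm_init\.txt' "$1"
}

# Returns 0 when both files look clean, 1 otherwise; prints each finding.
audit() {
    rc=0
    v=$(agent_use_tls "$1")
    if [ "$v" != "0" ]; then
        echo "agent: use_tls is '${v:-unset}', expected 0"; rc=1
    fi
    if left=$(agent_tls_leftovers "$1"); then
        echo "agent: active cert/trust/password settings:"; echo "$left"; rc=1
    fi
    if left=$(server_autotls_lines "$2"); then
        echo "server: Auto-TLS argument still active:"; echo "$left"; rc=1
    fi
    return $rc
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Run it on each agent host and on the CM Server before the restart in step 5; a non-zero exit status means at least one of the two files still carries active TLS settings.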