Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Auto-TLS on 6.1 Express Cluster Creation


Re: Auto-TLS on 6.1 Express Cluster Creation


Hi Lwang,   I just wanna follow up from the previous post/reply you made about not being able to disbaled the auot TLS. is starting from scratch still the case or easier route?    I would really like to add my custom certs without starting the cluster from the beginning.  

Re: Auto-TLS on 6.1 Express Cluster Creation

Super Collaborator

Starting with Cloudera Manager 6.2, you can enable auto-TLS on existing deployments. For instructions on enabling auto-TLS as part of a new installation, see the installation guide.


Re: Auto-TLS on 6.1 Express Cluster Creation

Super Collaborator

Hi @Onedile ,


Thanks for reaching out.


There is currently no easy way to disable TLS with the certmanager tool once it has been set up. We have an internal JIRA #OPSAPS-49587 titled "No way to disable Auto-TLS/certmanager after setup" and currently the jira is still open.


However, there is a knowledge article which explains steps on how to "Update/Renew CA and Certificates used by Cloudera Manager created with Director Auto-TLS". Hope this maybe a little bit helpful to you.





Li Wang, Technical Solution Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Learn more about the Cloudera Community:

Terms of Service

Community Guidelines

How to use the forum


Re: Auto-TLS on 6.1 Express Cluster Creation

Super Collaborator

To undo the AUTO-TLS:

1) Remove TLS configuration from CDH Component configurations - restart CDH

2) In CM Administration  - Search for TLS and SSL and clear all TLS / SSL related config.

3) Remove TLS config from agents -  In the agent /etc/cloudera-scm-agent/config.ini, there's use_tls which must be set to 0, as well as Auto-TLS lines at the end of the file which must be removed/commented out. Also comment out the cert, trust, and password file settings in the agent config.ini as well. 

4) Edit  on the CM Server  /etc/default/cloudera-scm-server
Remove / comment out the following lies (# at beginning of line comments out):

Automatically added block below. Do Not edit. AUTOGEN-BLOCK-BEGIN-FGJqR8zvlo9SZ2rlDDp7
export CMF_SERVER_ARGS="$CMF_SERVER_ARGS -i /var/lib/cloudera-scm-server/certmanager/cm_init.txt"
export CMF_FF_AUTO_TLS=true

5) Restart CM/Agents


Auto-TLS should be fully disabled and cluster should no longer be on TLS

Don't have an account?
Coming from Hortonworks? Activate your account here