Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Clarification on TLS/SSL - Level-3

avatar
Contributor

i did not mentioned any passphrase while generating the TLS Private key and the Certificates has been issued by the CA Team

As the document states to set client_keypw_file with the password of Private key.

what steps do i need to take in this case ?

 

Reference Link
https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cm_sg_config_tls_agent_auth.html#conc...

1 ACCEPTED SOLUTION

avatar
Super Collaborator

You can add a password into your private key file.

Suppose that you private key file is test.pem. Its contents should be like:

-----BEGIN PRIVATE KEY-----
.
.
.
-----END PRIVATE KEY-----

or

 

-----BEGIN RSA PRIVATE KEY-----
.
.
.
-----END RSA PRIVATE KEY-----

 

Run the following command

$ openssl rsa -des3 -in test.pem -out test1.pem -passout pass:test

 

This command will create the test1.pem file which is protected by password. Its contents will be similar to :

 

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3716DAF995B742A4

.
.
.
-----END RSA PRIVATE KEY-----

 

View solution in original post

4 REPLIES 4

avatar
Super Collaborator

You can add a password into your private key file.

Suppose that you private key file is test.pem. Its contents should be like:

-----BEGIN PRIVATE KEY-----
.
.
.
-----END PRIVATE KEY-----

or

 

-----BEGIN RSA PRIVATE KEY-----
.
.
.
-----END RSA PRIVATE KEY-----

 

Run the following command

$ openssl rsa -des3 -in test.pem -out test1.pem -passout pass:test

 

This command will create the test1.pem file which is protected by password. Its contents will be similar to :

 

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3716DAF995B742A4

.
.
.
-----END RSA PRIVATE KEY-----

 

avatar
Contributor

But woudn't this would have an impact on the certificate already being generated from CA Team ?

As the private key changes .crt file would also change right ? in that case Cloudera TLS/SSL -level 3 configuration may not work 

 

It's just an thought process , please clarify

 

 

avatar
Super Collaborator
There should be no impact. It is the same private key. You just encrypt it
with a password.

avatar
Contributor
Awesome ..you are right , i have successfully enabled TLS/SSL with Level -3 encryption

Thank you @GeKas for all your inputs