Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Clarification on TLS/SSL - Level-3

avatar
author-rank Johnny_Bach
Contributor

Created on ‎04-17-2018 10:31 PM - edited ‎09-16-2022 06:06 AM

i did not mentioned any passphrase while generating the TLS Private key and the Certificates has been issued by the CA Team

As the document states to set client_keypw_file with the password of Private key.

what steps do i need to take in this case ?

 

Reference Link
https://www.cloudera.com/documentation/enterprise/5-8-x/topics/cm_sg_config_tls_agent_auth.html#conc...

2,839 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank GeKas
Super Collaborator

Created ‎04-18-2018 02:42 AM

You can add a password into your private key file.

Suppose that you private key file is test.pem. Its contents should be like:

-----BEGIN PRIVATE KEY-----
.
.
.
-----END PRIVATE KEY-----

or

 

-----BEGIN RSA PRIVATE KEY-----
.
.
.
-----END RSA PRIVATE KEY-----

 

Run the following command

$ openssl rsa -des3 -in test.pem -out test1.pem -passout pass:test

 

This command will create the test1.pem file which is protected by password. Its contents will be similar to :

 

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3716DAF995B742A4

.
.
.
-----END RSA PRIVATE KEY-----

 

View solution in original post

2,822 Views
0 Kudos
4 REPLIES 4

avatar
author-rank GeKas
Super Collaborator

Created ‎04-18-2018 02:42 AM

You can add a password into your private key file.

Suppose that you private key file is test.pem. Its contents should be like:

-----BEGIN PRIVATE KEY-----
.
.
.
-----END PRIVATE KEY-----

or

 

-----BEGIN RSA PRIVATE KEY-----
.
.
.
-----END RSA PRIVATE KEY-----

 

Run the following command

$ openssl rsa -des3 -in test.pem -out test1.pem -passout pass:test

 

This command will create the test1.pem file which is protected by password. Its contents will be similar to :

 

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,3716DAF995B742A4

.
.
.
-----END RSA PRIVATE KEY-----

 

2,823 Views
0 Kudos

avatar
author-rank Johnny_Bach
Contributor

Created on ‎04-18-2018 06:04 AM - edited ‎04-18-2018 06:05 AM

But woudn't this would have an impact on the certificate already being generated from CA Team ?

As the private key changes .crt file would also change right ? in that case Cloudera TLS/SSL -level 3 configuration may not work 

 

It's just an thought process , please clarify

 

 

2,807 Views
0 Kudos

avatar
author-rank GeKas
Super Collaborator

Created ‎04-18-2018 06:11 AM

There should be no impact. It is the same private key. You just encrypt it
with a password.
2,801 Views
0 Kudos

avatar
author-rank Johnny_Bach
Contributor

Created ‎04-18-2018 07:57 AM

Awesome ..you are right , i have successfully enabled TLS/SSL with Level -3 encryption

Thank you @GeKas for all your inputs
2,792 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements