Support Questions

Find answers, ask questions, and share your expertise
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

Configure Cloudera Director to Access Cloudera Manager via TLS/SSL

I manually enabled TLS/SSL on Cloudera Manager and Agents, and I am trying to configure cloudera director to use this https to access cloudera manager api. I am trying to update the template via curl post to the API with the 


"name": "impala-cloudera-manager",
"tlsEnabled": true,
"port": 7183,
"trustedCertificate": "-----BEGIN CERTIFICATE-----\nMM...+OkuE6N36B9K\n
-----END CERTIFICATE-----\n" 


"managerVirtualInstance": {
"id": "d901df10-07a8-4a26-85bf-413b6b72fa5e",
"template": {
"name": "cloudera-manager",
"type": "m3.xlarge",



 and it doesn't seem to work. I am using the correct cert and root CA. 


Here is the error in cloudera director logs 


Caused by: IOException invoking HTTPS hostname wrong: should be <>
at org.apache.cxf.jaxrs.client.AbstractClient.checkClientException(
at org.apache.cxf.jaxrs.client.AbstractClient.preProcessResult(
at org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(
at org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(
at com.cloudera.api.$Proxy228.getCurrentVersion(Unknown Source)
... 125 common frames omitted



Why is it trying to validate against the IP Address? If I put the IP in the browser of course I would be presented with a SSL certificate error.


Rising Star


Cloudera Director uses the IP address of the Cloudera Manager server to communicate with it. This means you need the IP address of the server in the TLS certificate for this to work. You can find more information on this in the Cloudera documentation:


If you can add the private IP address for the Cloudera Manager as a Subject Alternative Name (SAN) in the certificate then this should work around the issue.




Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.