Disable/remove auto TLS certificates and create self signed certificate

Explorer

How to disable/remove auto TLS certificates and create a self-signed certificate in Cloudera version 6.2? The Cloudera version I am using is 6.2, with self-signed certificates that expired a few days back. Now the Cloudera Manager is not restarting. I want to remove the existing ones, create a new self-signed certificate, and apply it to the cluster. Can anyone help?

1 ACCEPTED SOLUTION

Master Guru

@vaibhavm You need a two-step process.

 

1. Disable TLS for CM so that you can access the Web UI. For this, follow the instructions below.

Disable TLS for the CM:

1. Determine Cloudera Manager Database

cat /etc/cloudera-scm-server/db.properties

2. Make a database backup

3. Get inside the DB.
# mysql --user=cm --password=cm
mysql> show databases;
mysql> use cm;

4. Show TLS related rows
select * from CONFIGS where attr like '%tls%';

5. Update TLS for web_tls
update CONFIGS set value = 'false' where attr = 'web_tls';

6. Update TLS for agent_tls
update CONFIGS set value = 'false' where attr = 'agent_tls';

7. Show TLS related rows
select * from CONFIGS where attr like '%tls%';

8. Restart Cloudera Manager server process
service cloudera-scm-server restart

2. At this stage you will be able to successfully log in to the CM Web UI. Now you can disable Auto-TLS (if already enabled) using the method below.

--remove the line in /etc/default/cloudera-scm-server that loads cm_init.txt on startup
--then you can turn off TLS in the web UI and remove the TLS configs from the agent config.ini

3. Then you can follow the doc which @Mike in Austin referred to in his comment to enable TLS again from fresh.


Cheers!
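The database steps in the accepted answer can be reviewed as a dry run before anything is changed. The script below is an added example, not code from the original post or from Cloudera: it reads the `com.cloudera.cmf.db.*` keys from a db.properties file and prints a backup command plus the answer's two UPDATE statements wrapped in one transaction. The option-file path `/root/.cm-db.cnf`, the backup file name and the sample host are assumptions.

```shell
# Added example: dry-run planner for the database steps above. It prints the
# commands to review and runs nothing against the database.

# Constructed db.properties content (not from a real cluster).
sample_props() {
  cat <<'EOF'
com.cloudera.cmf.db.type=mysql
com.cloudera.cmf.db.host=cmdb.example.internal:3307
com.cloudera.cmf.db.name=cm
com.cloudera.cmf.db.user=cm
com.cloudera.cmf.db.password=constructed=secret
EOF
}

# prop FILE KEY: print the value of KEY; the value may itself contain '='.
prop() {
  awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# plan_disable_tls FILE: print the backup and UPDATE commands for this CM database.
plan_disable_tls() (
  type=$(prop "$1" com.cloudera.cmf.db.type)
  hostport=$(prop "$1" com.cloudera.cmf.db.host)
  name=$(prop "$1" com.cloudera.cmf.db.name)
  if [ "$type" != mysql ] || [ -z "$name" ]; then
    echo "db.type='$type': the mysql commands above do not apply" >&2
    exit 1   # leaves only this subshell, so the function returns 1
  fi
  host=${hostport%%:*}
  port=3306
  case $hostport in *:*) port=${hostport##*:} ;; esac
  # Assumption: credentials live in a root-only option file at this path, so
  # the password stays out of the process list and shell history.
  cnf=/root/.cm-db.cnf
  echo "mysqldump --defaults-extra-file=$cnf --single-transaction -h $host -P $port $name > $name-before-tls-change.sql"
  echo "mysql --defaults-extra-file=$cnf -h $host -P $port $name <<'SQL'"
  cat <<'SQL'
START TRANSACTION;
SELECT * FROM CONFIGS WHERE attr LIKE '%tls%';
UPDATE CONFIGS SET value = 'false' WHERE attr = 'web_tls';
UPDATE CONFIGS SET value = 'false' WHERE attr = 'agent_tls';
SELECT * FROM CONFIGS WHERE attr LIKE '%tls%';
COMMIT;
SQL
  echo "SQL"
)

# Demo run on the constructed sample.
demo=$(mktemp) && sample_props > "$demo" && plan_disable_tls "$demo"; rm -f "$demo"
```

While `web_tls` and `agent_tls` are `false`, the admin console and agent traffic are unencrypted, so keep that window short and re-enable TLS as soon as the new certificates are in place.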

12 REPLIES

New Contributor

Remove all TLS-related config in the CM UI. CM > Settings: search for TLS, uncheck everything, and delete the jks files and password configs.

Expert Contributor

I thought it was something like this, but it was hard to believe!

After 2 full installations of CDP base, it seems clear that CDP may have been a big step for the final user, but it still has a lot of room for improvement on the sysadmin and devops side of the platform, especially in the way back or recovery from many central configuration changes (Kerberos, TLS), where it really sucks, even when compared with the now ancient HDP3.

New Contributor

@GangWar 

 

This is still a problem in CDP 7.1.8, where there is no possibility of turning off the "Auto-TLS is Enabled" status in Admin --> Security. Has anyone found the solution? I've now combed through UI settings, db and local files for anything to do with TLS and removed most of it.

 

I know it's turned off, but as long as CDP thinks that Auto-TLS is ON I can't run the Auto-TLS setup Wizard.