Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Now Live: Explore expert insights and technical deep dives on the new Cloudera Community BlogsRead the Announcement
Solved Go to solution

Disable/remove auto TLS certificates and create self signed certificate

Labels:
avatar
author-rank vaibhavm
Explorer

Created ‎09-08-2020 02:45 AM

How to disable/remove auto TLS certificates and create self-signed certificate in Cloudera version 6.2. The Cloudera version I am using is 6.2 having self-signed certificates that expired a few days back. now the Cloudera manager is not restarting. I want to remove the existing ones and create a new self-signed certificate and apply it to the cluster. can anyone help?

19,578 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank GangWar author-rank
Master Guru

Created ‎09-10-2020 01:32 AM

@vaibhavm You need two steps process. 

 

1. Disable TLS for CM so that you can access Web UI, for this follow below instruction. 

Disable TLS for the CM:

1. Determine Cloudera Manager Database

cat /etc/cloudera-scm-server/db.properties

2. Make database backup

3. get inside the DB. 
#mysql --user=cm --password=cm
#mysql> show databases;
#mysql> use cm;

4. Show TLS related rows 
select * from CONFIGS where attr like '%tls%';

5. Update TLS for web_tls 
update CONFIGS set value = 'false' where attr = 'web_tls';

6. Update TLS for agent_tls 
update CONFIGS set value = 'false' where attr = 'agent_tls';

7. Show TLS related rows 
select * from CONFIGS where attr like '%tls%';

8. Restart Cloudera Manager server process
service cloudera-scm-server restart

2. At this stage you will be able to successfully login into CM Web UI. Now you can disable Auto-TLS (If already enabled) using below method. 

--remove the line in /etc/default/cloudera-scm-server that loads cm_init.txt on startup
--then you can turn off TLS in the web UI and remove the TLS configs from the agent config.ini

 3. Then you can follow the doc which @Mike in Austin refereed in his comment to enable TLS again from fresh. 


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

View solution in original post

19,520 Views
12 REPLIES 12

avatar
author-rank BdE-Big
Reader

Created ‎07-08-2022 04:59 AM

Remove all TLS related config in CM UI. CM > Settings search for TLS and uncheck everything and delete jks files and password configs

6,619 Views
0 Kudos

avatar
author-rank lvazquez
Expert Contributor

Created ‎07-08-2022 08:44 AM

I thought it was something like this, but it was hard to believe!

After 2 full installation of CDP base, it seems clear that CDP may have been a big step for the final user, but still has a lot of room for improvement in the sysadmin and devops side of the platform, specially in the way-back or recovery of many central configuration changes (kerberos, TLS) where it really sucks, even when compared with the now ancient HDP3. 

6,603 Views

avatar
author-rank ClouderaUser123
Reader

Created ‎07-18-2023 06:42 AM

@GangWar 

 

This is still a problem in CDP 7.1.8 where there is no possibility of turning off the "Auto-TLS is Enabled" satus in Admin --> Security. Has anyone found the solution? I've now combed through UI settings, db and local files for anything to do with TLS and removed most if it.

 

I know its turned off but as long as CDP thinks that Auto-TLS is ON I can't run the Auto-TLS setup Wizzard.

3,018 Views
0 Kudos
Announcements
Community Announcements
Announcing the Launch of Cloudera Community Blogs
Community Announcements
October / November 2025 Community Highlights
What's New @ Cloudera
Announcing Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
Announcing Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
Welcome to the Cloudera Community!
View More Announcements