Need info on Kerberos and TLS/SSL


Hi All,


Need the below info for the Cloudera Manager and CDH 5.16 free version.

1) Kerberos support with free version of Cloudera Manager
2) mutual TLS/SSL and certificate rotation for free version.
3) Any secure key vault tool available with Cloudera


Thanks and Regards,





Hi @avsagar99 

Well, Cloudera Enterprise 5.16 became generally available in the Fall of 2018. As you no doubt are aware, that was quite a while ago, especially in terms of "internet time". Cloudera Enterprise 5.16 reached its end of support date in December 2020 (open that link and then expand the section labeled "Cloudera Enterprise products" underneath Current End of Support (EoS) Dates). The current Enterprise Data Platform offered by Cloudera is Cloudera Data Platform (CDP), which in its on-premises "form factor" is offered as CDP Private Cloud. CDP supersedes CDH as it is fairly up to date on all the included components, which is not the case with CDH 5.16.


There used to be an edition of CDH called "Cloudera Express" and many people interpreted the fact that versions of CDH called "Cloudera Enterprise" required a license to mean that "Cloudera Express" was "free". I'll take your use of the term "free version" as an indication that you're making this same assumption. You can read more about the differences between Cloudera Express and Cloudera Enterprise here: Managing Licenses. Cloudera Express was discontinued by Cloudera in the Winter of 2020; please see the announcement here: Cloudera Enterprise 6.3.3 Released

…scroll down to the subsection Important Note About Cloudera Express.


That being said, you can begin reading about using Kerberos on/with Cloudera Enterprise 5.16.x here: Kerberos Security Artifacts Overview.


You can find an overview of configuring TLS encryption for 5.16.x between Cloudera Manager Server and all cluster hosts here: Configuring TLS Encryption for Cloudera Manager.


As far as certificate rotation, you can read about that topic for Cloudera Enterprise 5.16.x here: How To Renew and Redistribute Certificates. Note that only TLS 1.2 is supported on CDH 5.16, so your plan to use that version of CDH may be self-defeating.


I don't quite know what you're referring to when you write "secure key vault tool". Assuming you are referring to key management tools that let you create the security artifacts needed for TLS/SSL, you can read about that for 5.16.x here: How To Obtain and Deploy Keys and Certificates for TLS/SSL.



Bill Brooks, Community Moderator
