Related to Kerberos AA activation, CDH docs recommend using TLS security for communication between CM and node agents. Using a private CA or self-signed certs are both viable options, and I think it's clear why the first one is recommended for use. However, let's say we're building a CDH platform which will only communicate via some internal, non-public network (a company's intranet, for example). Do you think that a self-signed cert presents a satisfactory security level for that kind of environment? What are your thoughts on this?
The level of security for data flowing through the tunnel is more or less the same. But a self-signed cert has no owner/CA identity attached to it, and the private key will be shared with a 3rd party.
If your scenario is limited to INTERNAL only, then you can go the self-signed route.
I hope that helps.