Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

TLS Encryption Configuration

TLS Encryption Configuration

Explorer

I am trying to configure the tls encryption in my test cluster using self-signed certificate but not able to find step by step documentation.

Could anybody will share me the link to follow the steps?

 

 

Thanks in advance.

5 REPLIES 5
Highlighted

Re: TLS Encryption Configuration

Expert Contributor

Please follow instructions as shown in Configuring TLS Encryption for Cloudera Manager in combination with How to Use Self-Signed Certificates for TLS

Highlighted

Re: TLS Encryption Configuration

Explorer

@gzigldrum 

 

Configuring TLS Encryption for Cloudera Manager

 

After following this till step 3 I have created a hostname.jks and hostname.csr file.

 

now to change the .csr file to .pem file do I need to follow this How to Use Self-Signed Certificates for TLS. and after completing this. I again to need to follow this ( Configuring TLS Encryption for Cloudera Manager) from step 4.

Have I understood correct??

 

Please suggest.

Thanks

Highlighted

Re: TLS Encryption Configuration

Expert Contributor

Yes, the overall procedure is in Configuring TLS Encryption for Cloudera Manager but the certificate creation related instructions you can skip and used those from How to Use Self-Signed Certificates for TLS. Note that no CSR need to be created when using self-signed certificates, this is only needed if certificates are signed by a CA.

Highlighted

Re: TLS Encryption Configuration

New Contributor

I am facing the same issue. how do we get rootca.pem when using self signed cert?

is there a special document to use TLS with just self signed cert?

it is quite confusing.

Highlighted

Re: TLS Encryption Configuration

Expert Contributor

The same documentation chapters do apply, with the addition of How to Use Self-Signed Certificates for TLS chapter which has instructions for creating self-signed certificates.

 

As there is no CA certificate when using self-signed certificates, please add the server certificate of the service you are connecting to (e.g. CM server certificate) into the corresponding truststore file (like rootca.pem)

Don't have an account?
Coming from Hortonworks? Activate your account here