Re: TLS Encryption Configuration

prabhat10 · ‎01-30-2019

I am trying to configure the tls encryption in my test cluster using self-signed certificate but not able to find step by step documentation.

Could anybody will share me the link to follow the steps?

Thanks in advance.

gzigldrum · ‎01-30-2019

Please follow instructions as shown in Configuring TLS Encryption for Cloudera Manager in combination with How to Use Self-Signed Certificates for TLS

prabhat10 · ‎02-14-2019

@gzigldrum

Configuring TLS Encryption for Clouder a Manager

After following this till step 3 I have created a hostname.jks and hostname.csr file.

now to change the .csr file to .pem file do I need to follow this How to Use Self-Signed Certificates for TLS. and after completing this. I again to need to follow this ( Configuring TLS Encryption for Clouder a Manager) from step 4.

Have I understood correct??

Please suggest.

Thanks

gzigldrum · ‎02-17-2019

Yes, the overall procedure is in Configuring TLS Encryption for Cloudera Manager but the certificate creation related instructions you can skip and used those from How to Use Self-Signed Certificates for TLS. Note that no CSR need to be created when using self-signed certificates, this is only needed if certificates are signed by a CA.

Core · ‎01-09-2020

I am facing the same issue. how do we get rootca.pem when using self signed cert?

is there a special document to use TLS with just self signed cert?

it is quite confusing.

gzigldrum · ‎01-10-2020

The same documentation chapters do apply, with the addition of How to Use Self-Signed Certificates for TLS chapter which has instructions for creating self-signed certificates.

As there is no CA certificate when using self-signed certificates, please add the server certificate of the service you are connecting to (e.g. CM server certificate) into the corresponding truststore file (like rootca.pem)