Support Questions

Find answers, ask questions, and share your expertise

TLS Encryption Configuration


I am trying to configure the tls encryption in my test cluster using self-signed certificate but not able to find step by step documentation.

Could anybody will share me the link to follow the steps?



Thanks in advance.


Expert Contributor

Please follow instructions as shown in Configuring TLS Encryption for Cloudera Manager in combination with How to Use Self-Signed Certificates for TLS




Configuring TLS Encryption for Cloudera Manager


After following this till step 3 I have created a hostname.jks and hostname.csr file.


now to change the .csr file to .pem file do I need to follow this How to Use Self-Signed Certificates for TLS. and after completing this. I again to need to follow this ( Configuring TLS Encryption for Cloudera Manager) from step 4.

Have I understood correct??


Please suggest.


Expert Contributor

Yes, the overall procedure is in Configuring TLS Encryption for Cloudera Manager but the certificate creation related instructions you can skip and used those from How to Use Self-Signed Certificates for TLS. Note that no CSR need to be created when using self-signed certificates, this is only needed if certificates are signed by a CA.

New Contributor

I am facing the same issue. how do we get rootca.pem when using self signed cert?

is there a special document to use TLS with just self signed cert?

it is quite confusing.

Expert Contributor

The same documentation chapters do apply, with the addition of How to Use Self-Signed Certificates for TLS chapter which has instructions for creating self-signed certificates.


As there is no CA certificate when using self-signed certificates, please add the server certificate of the service you are connecting to (e.g. CM server certificate) into the corresponding truststore file (like rootca.pem)

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.