Cloudera Community
Announcements
We’ve updated our product names and community labels - click here for full details
dimi_yu
user rank
Explorer

Re: Hardening Security on cloudera Cluster

by Explorer in Support Questions
‎09-17-2025 10:10 PM
‎09-17-2025 10:10 PM
I ran into the same findings in a Cloudera 7.x setup. For the Zookeeper TRACE/TRACK warning on port 7000, you can mitigate it by disabling these methods in the embedded Jetty config or, more commonly, by placing a reverse proxy (Apache/Nginx) in front of ZooKeeper and blocking TRACE/TRACK. For the MapReduce HSTS warning (port 13562), HSTS isn’t enabled by default. The fix is to add the Strict Transport Security header either through the service’s HTTPS response configuration or again via a reverse proxy. This enforces HTTPS and clears the scan finding. ... View more

Re: [Cloudera][DriverSupport] (1100) SSL certifica...

by Explorer in Support Questions
‎07-22-2025 03:11 AM
‎07-22-2025 03:11 AM
The error means the SSL certificates used by your Cloudera ODBC driver are outdated or expired. To fix it, download the latest cacerts.pem file from a trusted source like Curl's CA bundle or your company’s security team. Replace the old cacerts.pem file in the ODBC driver's configuration directory. Then restart your ODBC connection and test again. ... View more

Re: Unable to secure NiFi with provided certificat...

by Explorer in Support Questions
‎07-22-2025 02:57 AM
‎07-22-2025 02:57 AM
The error ERR_BAD_SSL_CLIENT_AUTH_CERT is a security-related bug that appears in web browsers, especially Google Chrome, due to a failure to interact with the SSL/TLS client authentication process.  This issue arises when SSL/TLS certificates are required on both client and server sides, but the client fails to present a valid certificate or the server can't verify it. Common causes include certificate misconfiguration, incorrect device date/time, software issues, or interference from browser extensions and antivirus programs. There are many different ways to fix the error which you need to understand properly in detail. Furthermore I found the helpful resource at:-  https://cheapsslweb.com/resources/how-to-fix-the-err_bad_ssl_client_auth_cert-error. I hope it helps!     ... View more

Re: Nifi parameter provider with constant invalid ...

by Explorer in Support Questions
‎05-26-2025 02:27 AM
1 Kudo
‎05-26-2025 02:27 AM
1 Kudo
Looks like a revision tracking issue introduced in NiFi 2.x, especially with how it handles state in the AzureKeyvaultParameterProvider. Since it worked fine in 1.x, it’s likely a regression or a behavior change in how revisions are managed. Until a fix, try logging this with the NiFi Jira or reverting to 1.x if critical. ... View more
Contact Me
Online
Offline
Last Visited
‎10-13-2025 11:32 PM
Community Statistics
Member Since ‎05-26-2025 02:25 AM
Last Visited ‎10-13-2025 11:32 PM
Posts 6
Kudos received 1