Cloudera Community
Announcements
We’ve updated our product names and community labels - click here for full details
dimi_yu
user rank
Explorer

Re: Hardening Security on cloudera Cluster

by Expert Contributor Expert Contributor in Support Questions
‎11-24-2025 03:50 AM
‎11-24-2025 03:50 AM
@Raufshaikh @teo123 @dimi_yu - Starting with CDP 7.1.9, Cloudera rebased ZooKeeper to version 3.8 (3.8.1.7.1.9.0-387). Beginning with ZooKeeper version 3.6.0, a new a new monitoring feature (New Metrics System ) was introduced where you can enable the Prometheus MetricsProvider [0]. By default, the Port is set to the default port number of 7000 (which is configurable by setting "metricsProvider.httpPort"). While Prometheus itself does not require the HTTP TRACE method for normal operation, this behaviour is a result of the upstream ZooKeeper implementation ZOOKEEPER-3731. We at Cloudera, actively working internally to disable HTTP TRACE in the Prometheus MetricsProvider endpoint in an upcoming CDP release as part of our continued focus on security hardening. Which will be fixed in CDP 7.3.2, released in early 2026. As a workaround for now, you can just uncheck the "Enable the Prometheus MetricsProvider" option to disable the port for Prometheus metrics. [0] = https://zookeeper.apache.org/doc/r3.9.3/zookeeperAdmin.html#:~:text=metricsProvider.httpPort ... View more

Re: [Cloudera][DriverSupport] (1100) SSL certifica...

by Explorer in Support Questions
‎07-22-2025 03:11 AM
‎07-22-2025 03:11 AM
The error means the SSL certificates used by your Cloudera ODBC driver are outdated or expired. To fix it, download the latest cacerts.pem file from a trusted source like Curl's CA bundle or your company’s security team. Replace the old cacerts.pem file in the ODBC driver's configuration directory. Then restart your ODBC connection and test again. ... View more

Re: Unable to secure NiFi with provided certificat...

by Explorer in Support Questions
‎07-22-2025 02:57 AM
‎07-22-2025 02:57 AM
The error ERR_BAD_SSL_CLIENT_AUTH_CERT is a security-related bug that appears in web browsers, especially Google Chrome, due to a failure to interact with the SSL/TLS client authentication process.  This issue arises when SSL/TLS certificates are required on both client and server sides, but the client fails to present a valid certificate or the server can't verify it. Common causes include certificate misconfiguration, incorrect device date/time, software issues, or interference from browser extensions and antivirus programs. There are many different ways to fix the error which you need to understand properly in detail. Furthermore I found the helpful resource at:-  https://cheapsslweb.com/resources/how-to-fix-the-err_bad_ssl_client_auth_cert-error. I hope it helps!     ... View more

Re: Nifi parameter provider with constant invalid ...

by Explorer in Support Questions
‎05-26-2025 02:49 AM
1 Kudo
‎05-26-2025 02:49 AM
1 Kudo
I will try to open a ticket [NIFI-14599] Parameter provider invalid revision issue - ASF JIRA ... View more
Contact Me
Online
Offline
Last Visited
‎10-13-2025 11:32 PM
Community Statistics
Member Since ‎05-26-2025 02:25 AM
Last Visited ‎10-13-2025 11:32 PM
Posts 6
Kudos received 1