Hi all,   We have currently a Hadoop cluster in test in a private cloud with private ip and hostname: - <private_ip_1> mh1.example.com (namenode 1 in private cloud) - <private_ip_2> mh2.example.com (namenode 2 in private cloud) - <private_ip_3> w1.example.com (worker 1 in private cloud) ... - <private_ip_n> wn.example.com (worker n private cloud) - <private_ip_m> eg1.example.com (edge node 1 + cloudera manager service in public cloud) - <private_ip_o> eg2.example.com (edge node 2 + hue etc. in public cloud)   We can access on the private cloud only through the edge nodes and the cluster is kerberized with sentry. For the moment we use only self-certificate, but now we want to put the cluster in production.   My question is that: Could we use official authority certificate in our case ? Because if I undestand well, authority certificate is only for public domain and public IP.   Or what I was thinking for production is: - Self-Certificate for Cloudera Manager Agents (in all nodes in private cloud) - Authority Certificate for HUE UI on edge node on public cloud (with public ip adress) - Authority Certificate for Cloudera Manager UI on edge node on public cloud (with public ip adress)   Do you think it's ok or overkill for production ? Am I missing something ?   Thank you in advance,   Vincent ... View more