@Dominic_kim, It might be more work, but it would be better to have a cluster where trust can be established. Clients expect that the server they connected to (whether FQDN, short name, or IP) will be included in the Subject Alternative Name extension or in the CN subject. Note that recent releases of CM and CDH do support wildcard certificates so I'm not sure what the problem is in your case... we would need some more specific info. That said, you can turn off validation in some places like Hue, but it is not so easily done in others. Depends on the client. For Hue, I think you can turn off all validation by setting: [desktop] ssl_validate=False If you don't have ssl_cert_ca_verify or other configuration in other sections, then they will look to the global "desktop" section setting. Restart Hue after making the change.
... View more
