Setting up SSL/TLS certificate exchange
In order to replicate data securely, you must configure an SSL/TLS certificate exchange between the two Cloudera Manager instances that manage the source and target clusters.
The following sample commands use the open-jdk-11 Java version. In these commands, substitute the Java version that you use in your CDP clusters.
1. List the contents of the truststore file located in the source cluster Cloudera Manager.
   The global truststore password is available in the /etc/hadoop/conf/ssl-client.xml file.
   /usr/lib/jvm/java-openjdk-11/bin/keytool -list -keystore /var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks -storepass [***password***]
2. Export the certificate contents to the cert.txt file.
   /usr/java/default/bin/keytool -exportcert -keystore /var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks -alias cmrootca-0 -file ./cert.txt -storepass [***truststore_pass***]
3. Copy the cert.txt file to all the hosts of the destination cluster Cloudera Manager securely.
   $ mv cert.txt othercert.txt
   $ scp
4. Import the certificate into the truststore file on all the hosts of the destination cluster Cloudera Manager.
   /usr/java/default/bin/keytool -importcert -noprompt -v -trustcacerts -keystore /var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks -alias cmrootca-1 -file ./othercert.txt -storepass [***truststore_password***]
5. Run steps 1 and 2 in the target cluster Cloudera Manager, copy the cert.txt file securely to all the hosts in the source cluster Cloudera Manager, and then import the certificate into the truststore file on all the hosts of the source cluster Cloudera Manager (steps 3 and 4).
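Because the import command uses -noprompt, keytool does not show the certificate for confirmation before trusting it. The following added example (not part of the Cloudera documentation) checks the copied file against the SHA-256 fingerprint that keytool -list printed for the alias on the exporting cluster, and imports only on a match. The function names and argument order are hypothetical, and it assumes the file is binary DER, which is what keytool -exportcert writes when -rfc is not given.

```shell
#!/usr/bin/env bash
# Added example: verify a copied CA certificate before importing it.
# Assumption: the file is DER (keytool -exportcert without -rfc), so the
# SHA-256 of the file bytes equals the certificate's SHA-256 fingerprint.

# Print the file's SHA-256 as upper-case, colon-separated hex.
der_fingerprint() {
    sha256sum "$1" | awk '{print toupper($1)}' | sed 's/../&:/g; s/:$//'
}

# Strip colons and whitespace and upper-case, so "ab:cd" and "ABCD" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr '[:lower:]' '[:upper:]'
}

# verify_cert FILE EXPECTED_FINGERPRINT
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_cert() {
    local file="$1" expected actual
    [ -r "$file" ] || return 2
    expected="$(normalize_fp "$2")"
    [ "${#expected}" -eq 64 ] || return 2   # not a SHA-256 value
    actual="$(normalize_fp "$(der_fingerprint "$file")")"
    [ "$actual" = "$expected" ]
}

# import_if_verified FILE EXPECTED_FINGERPRINT ALIAS TRUSTSTORE [KEYTOOL]
# Runs keytool -importcert only after the fingerprint check passes.
# -storepass is omitted on purpose: keytool then prompts for the password
# instead of exposing it in the process list and shell history.
import_if_verified() {
    local file="$1" expected="$2" alias="$3" truststore="$4"
    local keytool="${5:-keytool}"
    if ! verify_cert "$file" "$expected"; then
        echo "fingerprint check failed for $file; not importing" >&2
        return 1
    fi
    "$keytool" -importcert -noprompt -trustcacerts \
        -keystore "$truststore" -alias "$alias" -file "$file"
}
```

Read the expected fingerprint on the exporting cluster and pass it to the destination hosts separately from the certificate file itself, so that a file altered in transit cannot also supply its own matching value.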