Manually Configuring TLS Encryption on the Agent Listening Port
The agent listening port (TCP Port 9000) of a Cloudera Manager Agent can be secured with TLS. This port is used for retrieving diagnostic and log information.
- The following properties must be defined in the config.ini file of the Cloudera Manager Agent: client_keypw_file. For details, see Agent Configuration File.
- An encryption key must be configured.
- A certificate must be configured.
The main requirement for the Cloudera Manager Server to connect with TLS to the agent listening port is as follows:
If the output of the following command includes a server certificate in PEM format, then the port is secured with TLS:
openssl s_client -connect <hostname>:9000
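The same check can be scripted so that it runs unattended across several agent hosts. The following is an added example, not part of the Cloudera documentation: the function names are hypothetical and the sample s_client output is constructed, with a placeholder in place of a real certificate body.

```shell
#!/bin/sh
# Added example: decide from `openssl s_client` output whether the agent
# port presented a certificate. Function names are hypothetical.

# Succeeds only if stdin contains a complete, non-empty PEM certificate block.
has_pem_cert() {
    awk '
        /^-----BEGIN CERTIFICATE-----$/ { inside = 1; body = 0; next }
        /^-----END CERTIFICATE-----$/   { if (inside && body) found = 1; inside = 0; next }
        inside && NF                    { body = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# check_agent_port HOST [PORT]: stdin is closed so s_client exits after the
# handshake instead of waiting for input; prints one status line per host.
check_agent_port() {
    host=$1
    port=${2:-9000}
    if openssl s_client -connect "$host:$port" </dev/null 2>/dev/null | has_pem_cert; then
        echo "$host:$port TLS (server certificate presented)"
    else
        echo "$host:$port no certificate (plaintext, or unreachable)"
    fi
}

# Constructed s_client output; the certificate body is a placeholder.
sample_tls_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Server certificate
-----BEGIN CERTIFICATE-----
PLACEHOLDERBODYNOTAREALCERTIFICATE
-----END CERTIFICATE-----
subject=CN = agent.example.com
EOF
}

# Constructed output for a port that does not speak TLS.
sample_plain_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
no peer certificate available
EOF
}

# Check every host given on the command line.
for h in "$@"; do check_agent_port "$h"; done
```

A "no certificate" result does not distinguish a plaintext listener from an unreachable host, so confirm connectivity separately before concluding that TLS is disabled.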