Auto-TLS Requirements and Limitations
- You must install the Cloudera Manager Agent software on the Cloudera Manager Server host.
- You can enable auto-TLS using certificates created and managed by a Cloudera Manager
  certificate authority (CA), or certificates signed by a trusted public CA or your own
  internal CA. If you want to use a trusted public CA or your own internal CA, you must
  obtain all of the host certificates before enabling auto-TLS. For instructions on
  obtaining certificates from a CA, see "On Each Cluster Host".
The following services support auto-TLS:
- Atlas
- Cloudera Manager Host Monitor Debug Interface
- Cloudera Manager Service Monitor Debug Interface
- HBase
- HDFS Client Configuration
- HDFS NameNode Web UI
- Hive-on-Tez
- HiveServer2
- HttpFS
- Hue Client
- Hue Load Balancer
- Hue Server
- Impala Catalog Server
- Impala Server
- Impala StateStore
- Java Keystore Key Management Server (KMS)
- Kafka Broker Server
- Kafka MirrorMaker
- Kudu
- Livy
- Oozie
- Phoenix
- Ranger
- SafeNet Luna Hardware Security Modules (HSM) KMS
- Solr
- Spark History Server
- YARN Web UI
- Zeppelin
- ZooKeeper
For unlisted services, you must enable TLS manually. See the applicable component guide for more information.