Auto-TLS Requirements and Limitations
Reference information for Auto-TLS requirements, limitations, and component support.
- You must install the Cloudera Manager Agent software on the Cloudera Manager Server host.
- You can enable auto-TLS using certificates created and managed by a Cloudera Manager certificate authority (CA), or certificates signed by a trusted public CA or your own internal CA. If you want to use a trusted public CA or your own internal CA, you must obtain all of the host certificates before enabling auto-TLS. For instructions on obtaining certificates from a CA, see “Manually Configuring TLS Encryption for Cloudera Manager”>“On Each Cluster Host”.
Component support for Auto-TLS
The following Cloudera Enterprise services support auto-TLS:
- Cloudera Navigator Audit Server
- Cloudera Navigator Metadata Server
- HDFS Client Configuration
- HDFS NameNode Web UI
- Hue Client
- Hue Load Balancer
- Hue Server
- Impala Catalog Server
- Impala Server
- Impala StateStore
- Kafka Broker Server
- Spark History Server
- YARN Web UI
For unlisted Cloudera Enterprise services, you must enable TLS manually. See the applicable component guide for more information.