TLS/SSL settings for Streams Messaging Manager

To enable TLS/SSL settings for Streams Messaging Manager (SMM), you need to configure SMM server properties, SMM UI properties, and SMM Server’s Oracle TLS connection properties. You can configure the TLS/SSL properties in Cloudera Manager according to the cluster configuration.

Table 1. TLS/SSL Settings for SMM
Properties	Description
SMM Server properties
Enable TLS/SSL for Streams Messaging Manager Rest Admin Server `ssl.enable`	Encrypts communication between clients and Streams Messaging Manager Rest Admin Server using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).
Streams Messaging Manager port (SSL) `streams.messaging.manager.ssl.port`	The HTTPS port that Streams Messaging Manager REST server runs on when SSL is enabled.
Streams Messaging Manager Admin Port (SSL) `streams.messaging.manager.ssl.adminPort`	The HTTPS admin port that Streams Messaging Manager REST server runs on when SSL is enabled.
SSL Keystore Type `streams.messaging.manager.ssl.keyStoreType`	The keystore type. Required if Streams Messaging Manager REST server's SSL is enabled. For example, PKCS12 or JKS. If a value is not specified for this property, then the keystore type is inherited from Cloudera Manager settings.
SSL TrustStore Type `streams.messaging.manager.ssl.trustStoreType`	The truststore type. Required if SMM's SSL is enabled. For example, PKCS12 or JKS. If a value is not specified for this property, then the keystore type is inherited from Cloudera Manager settings.
Streams Messaging Manager Rest Admin Server TLS/SSL Server JKS Keystore File Location `streams.messaging.manager.ssl.keyStorePath`	The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Streams Messaging Manager Rest Admin Server functions as a TLS/SSL server.
Streams Messaging Manager Rest Admin Server TLS/SSL Server JKS Keystore File Password	The password for the Streams Messaging Manager Rest Admin Server keystore file.
Streams Messaging Manager Rest Admin Server TLS/SSL Server JKS Keystore Key Password	The password that protects the private key contained in the keystore. Used when Streams Messaging Manager Rest Admin Server functions as a TLS/SSL server.
Streams Messaging Manager Rest Admin Server TLS/SSL Client Trust Store File `streams.messaging.manager.ssl.trustStorePath`	The location on disk of the truststore used to confirm the authenticity of TLS/SSL servers to which the Streams Messaging Manager Rest Admin Server might connect. This is used when Streams Messaging Manager Rest Admin Server is the client in a TLS/SSL connection. This truststore must contain the certificate(s) used to sign the service(s) connected to. If a value is not specified for this property, the default list of known certificate authorities is used instead.
Streams Messaging Manager Rest Admin Server TLS/SSL Client Trust Store Password	The password for the Streams Messaging Manager Rest Admin Server TLS/SSL Certificate Trust Store File. This password is not mandatory to access the truststore; this field is optional. This password provides optional integrity checking of the file. The contents of truststores are certificates, and certificates are public information.
Cloudera Manager Metrics TrustStore Type `cm.metrics.truststore.type`	Cloudera Manager's truststore type. If a value is not specified for this property, then the keystore type is inherited from Cloudera Manager settings.
SSL ValidateCerts `streams.messaging.manager.ssl.validateCerts`	Whether or not to validate TLS certificates before starting SMM. If enabled, SMM does not start when certificates are expired or invalid.
SSL validatePeers `streams.messaging.manager.ssl.validatePeers`	Whether or not to validate TLS peer certificates.
SMM UI properties
Enable TLS/SSL for Streams Messaging Manager UI Server `streams.messaging.manager.ui.ssl.enable`	Encrypt communication between clients and Streams Messaging Manager UI Server using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).
Streams Messaging Manager UI Server TLS/SSL Server Private Key File (PEM Format) `streams.messaging.manager.ui.ssl.private.key.location`	The path to the TLS/SSL file containing the private key used for TLS/SSL. Used when Streams Messaging Manager UI Server functions as a TLS/SSL server. The certificate file must be in Privacy Enhanced Mail (PEM) format.
Streams Messaging Manager UI Server TLS/SSL Server Certificate File (PEM Format) `streams.messaging.manager.ui.ssl.cert.location`	The path to the TLS/SSL file containing the server certificate key used for TLS/SSL. Used when Streams Messaging Manager UI Server functions as a TLS/SSL server. The certificate file must be in PEM format.
Streams Messaging Manager UI Server TLS/SSL Server CA Certificate (PEM Format) `streams.messaging.manager.ui.ssl.ca.cert.location`	The path to the TLS/SSL file containing the certificate of the certificate authority (CA) and any intermediate certificates used to sign the server certificate. Used when Streams Messaging Manager UI Server functions as a TLS/SSL server. The certificate file must be in PEM format, and is usually created by concatenating all of the appropriate root and intermediate certificates.
Streams Messaging Manager UI Server TLS/SSL Private Key Password	The password for the private key in the Streams Messaging Manager UI Server TLS/SSL Server Certificate and Private Key file. If a value is not specified for this property, the private key is not protected by a password.
Streams Messaging Manager UI Server TLS/SSL Certificate Trust Store File `streams.messaging.manager.ui.ssl.trust.store.location`	The location on disk of the truststore, in .pem format, used to confirm the authenticity of the TLS/SSL servers that Streams Messaging Manager UI Server might connect to. This is used when Streams Messaging Manager UI Server is the client in a TLS/SSL connection. This truststore must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not specified, the default list of known certificate authorities is used instead.
SMM Server’s Oracle TLS connection properties
Enable TLS with Oracle DB `streams.messaging.manager.enable.TLS.Oracle`	Enable TLS with Oracle as a database for Schema Registry.
Oracle.net.ssl_version `streams.messaging.manager.oracle.net.ssl_version`	Oracle net ssl version.
Oracle TLS javax.net.ssl.keyStore `streams.messaging.manager.javax.net.ssl.keyStore`	Path to keystore file if enabling TLS using Oracle database.
Oracle TLS javax.net.ssl.keyStoreType `streams.messaging.manager.javax.net.ssl.keyStoreType`	KeyStoreType type if enabling TLS using Oracle database.
Oracle TLS javax.net.ssl.keyStorePassword `streams.messaging.manager.javax.net.ssl.keyStorePassword`	KeyStorePassword if enabling TLS using Oracle database.
Oracle TLS javax.net.ssl.trustStore `streams.messaging.manager.javax.net.ssl.trustStore`	Required Path to truststore file if enabling TLS using Oracle database.
Oracle TLS javax.net.ssl.trustStoreType `streams.messaging.manager.javax.net.ssl.trustStoreType`	Required truststore type if enabling TLS using Oracle database.
Oracle TLS javax.net.ssl.trustStorePassword `streams.messaging.manager.javax.net.ssl.trustStorePassword`	TrustStorePassword type if enabling TLS using Oracle database.
Oracle TLS oracle.net.ssl_cipher_suites `streams.messaging.manager.oracle.net.ssl_cipher_suites`	Net SSL Cipher Suites if enabling TLS using Oracle database. For example, SSL_DH_DSS_WITH_DES_CBC_SHA.
Oracle TLS oracle.net.ssl_server_dn_match `streams.messaging.manager.oracle.net.ssl_server_dn_match`	SSL server domain name match if enabling TLS using Oracle database.
Oracle TLS oracle.net.authentication_services `streams.messaging.manager.oracle.net.authentication_services`	Oracle net authentication service if enabling TLS using Oracle database.