Configuring TLS/SSL for Apache Atlas
How to configure TLS/SSL for Apache Atlas if you don't choose to use Cloudera Manager's Auto-TLS.
- In Cloudera Manager, select the Atlas service, then click the Configuration tab.
- Under Category, select Security.
-
Set or update the following properties.
Table 1. Apache Atlas TLS/SSL Settings Grouping Configuration Property Description Turn on TLS Enable TLS/SSL for Atlas Server
atlas.enableTLS
Select this check box to encrypt Atlas server communication using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)). This option enables TLS for communication between clients and Atlas Server, between the Atlas Server as a client and services it depends on, such as HBase, and between the Atlas Gateway server and Kafka messaging topics. Private Key Management Atlas Server TLS/SSL Server JKS Keystore File Location keystore.file
The path to the TLS/SSL keystore file containing the server certificate and private key Atlas uses to prove its own identity when it receives communication from other applications using the public key identified in Atlas Server TLS/SSL Client Trust Store File. The keystore must be in JKS format. Atlas Server TLS/SSL Server JKS Keystore File Password keystore.password
The password that allows access to the Atlas Server JKS keystore file. Atlas Server TLS/SSL Server JKS Keystore File Password password
(Optional) The password that protects the Atlas Server private key contained in the JKS keystore. Public Key Management Atlas Server TLS/SSL Client Trust Store File truststore.file
The path to a TLS/SSL public key trust store file, in .jks
format, that contains Atlas server public key. This trust store must contain the certificate(s) used to sign the connected service(s). If this parameter is not provided, the default list of well-known certificate authorities is used instead.Atlas Server TLS/SSL Client Trust Store Password truststore.password
(Optional) The password for the Atlas Server TLS/SSL Certificate trust store file. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information. Gateway TLS/SSL Client Trust Store File atlas.kafka.ssl.truststore.location
The path to the trust store file, in .jks
format, used to confirm the authenticity of TLS/SSL servers that the Atlas Gateway might connect to. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.Typically, this file is the same file listed in the
truststore.file
.Gateway TLS/SSL Client Trust Store Password atlas.kafka.ssl.truststore.password
The password for the Gateway TLS/SSL Certificate trust store file. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information. - Click Save Changes.
- Restart the Atlas service.