Auto-TLS Requirements and Limitations
Reference information for Auto-TLS requirements, limitations, and component support.
- You must install the Cloudera Manager Agent software on the Cloudera Manager Server host.
- You can enable auto-TLS using certificates created and managed by a Cloudera Manager certificate authority (CA), or certificates signed by a trusted public CA or your own internal CA. If you want to use a trusted public CA or your own internal CA, you must obtain all of the host certificates before enabling auto-TLS. For instructions on obtaining certificates from a CA, see Manually Configuring TLS Encryption for Cloudera Manager > On Each Cluster Host.
Component support for Auto-TLS
The following Cloudera Enterprise services support auto-TLS:
- Cloudera Manager Host Monitor Debug Interface
- Cloudera Manager Service Monitor Debug Interface
- HDFS Client Configuration
- HDFS NameNode Web UI
- Hue Client
- Hue Load Balancer
- Hue Server
- Impala Catalog Server
- Impala Server
- Impala StateStore
- Java Keystore Key Management Server (KMS)
- Kafka Broker Server
- Kafka MirrorMaker
- SafeNet Luna Hardware Security Modules (HSM) KMS
- Spark History Server
- Thales HSM KMS
- YARN Web UI
For unlisted Cloudera Enterprise services, you must enable TLS manually. See the applicable component guide for more information.