TLS/SSL settings for Streams Messaging Manager

To enable TLS/SSL settings for Streams Messaging Manager (SMM), you need to configure SMM server properties, SMM UI properties, and SMM Server’s Oracle TLS connection properties in Cloudera Manager according to the cluster configuration.

Table 1. TLS/SSL Settings for SMM
Properties	Description
SMM Server properties
Enable TLS/SSL for Streams Messaging Manager Rest Admin Server `ssl.enable`	Encrypt communication between clients and Streams Messaging Manager Rest Admin Server using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).
Streams Messaging Manager port (SSL) `streams.messaging.manager.ssl.port`	HTTPS port Streams Messaging Manager rest server runs on when SSL is enabled.
Streams Messaging Manager Admin Port (SSL) `streams.messaging.manager.ssl.adminPort`	HTTPS admin port Streams Messaging Manager rest server runs on when SSL is enabled.
SSL Keystore Type `streams.messaging.manager.ssl.keyStoreType`	The keystore type. Required if Streams Messaging Manager rest server's SSL is enabled. e.g. PKCS12 or JKS. If it is left empty then the keystore type will come from CM settings.
SSL TrustStore Type `streams.messaging.manager.ssl.trustStoreType`	The truststore type. Required if streams messaging manager's ssl is enabled. e.g. PKCS12 or JKS. If it is left empty then the keystore type will come from CM settings.
Streams Messaging Manager Rest Admin Server TLS/SSL Server JKS Keystore File Location `streams.messaging.manager.ssl.keyStorePath`	The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Streams Messaging Manager Rest Admin Server is acting as a TLS/SSL server.
Streams Messaging Manager Rest Admin Server TLS/SSL Server JKS Keystore File Password	The password for the Streams Messaging Manager Rest Admin Server keystore file.
Streams Messaging Manager Rest Admin Server TLS/SSL Server JKS Keystore Key Password	The password that protects the private key contained in the keystore used when Streams Messaging Manager Rest Admin Server is acting as a TLS/SSL server.
Streams Messaging Manager Rest Admin Server TLS/SSL Client Trust Store File `streams.messaging.manager.ssl.trustStorePath`	The location on disk of the trust store used to confirm the authenticity of TLS/SSL servers that Streams Messaging Manager Rest Admin Server might connect to. This is used when Streams Messaging Manager Rest Admin Server is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
Streams Messaging Manager Rest Admin Server TLS/SSL Client Trust Store Password	The password for the Streams Messaging Manager Rest Admin Server TLS/SSL Certificate Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information.
Cloudera Manager Metrics TrustStore Type `cm.metrics.truststore.type`	Cloudera Manager's truststore type. If it is left empty then the keystore type will come from CM settings. If it is left empty then the keystore type will come from CM settings.
SSL ValidateCerts `streams.messaging.manager.ssl.validateCerts`	Whether or not to validate TLS certificates before starting. If enabled, it will refuse to start with expired or otherwise invalid certificates.
SSL validatePeers `streams.messaging.manager.ssl.validatePeers`	Whether or not to validate TLS peer certificates.
SMM UI properties
Enable TLS/SSL for Streams Messaging Manager UI Server `streams.messaging.manager.ui.ssl.enable`	Encrypt communication between clients and Streams Messaging Manager UI Server using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).
Streams Messaging Manager UI Server TLS/SSL Server Private Key File (PEM Format) `streams.messaging.manager.ui.ssl.private.key.location`	The path to the TLS/SSL file containing the private key used for TLS/SSL. Used when Streams Messaging Manager UI Server is acting as a TLS/SSL server. The certificate file must be in PEM format.
Streams Messaging Manager UI Server TLS/SSL Server Certificate File (PEM Format) `streams.messaging.manager.ui.ssl.cert.location`	The path to the TLS/SSL file containing the server certificate key used for TLS/SSL. Used when Streams Messaging Manager UI Server is acting as a TLS/SSL server. The certificate file must be in PEM format.
Streams Messaging Manager UI Server TLS/SSL Server CA Certificate (PEM Format) `streams.messaging.manager.ui.ssl.ca.cert.location`	The path to the TLS/SSL file containing the certificate of the certificate authority (CA) and any intermediate certificates used to sign the server certificate. Used when Streams Messaging Manager UI Server is acting as a TLS/SSL server. The certificate file must be in PEM format, and is usually created by concatenating all of the appropriate root and intermediate certificates.
Streams Messaging Manager UI Server TLS/SSL Private Key Password	The password for the private key in the Streams Messaging Manager UI Server TLS/SSL Server Certificate and Private Key file. If left blank, the private key is not protected by a password.
Streams Messaging Manager UI Server TLS/SSL Certificate Trust Store File `streams.messaging.manager.ui.ssl.trust.store.location`	The location on disk of the trust store, in .pem format, used to confirm the authenticity of TLS/SSL servers that Streams Messaging Manager UI Server might connect to. This is used when Streams Messaging Manager UI Server is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
SMM Server’s Oracle TLS connection properties
Enable TLS with Oracle DB `streams.messaging.manager.enable.TLS.Oracle`	Enable TLS with Oracle as DB for Schema Registry.
Oracle.net.ssl_version `streams.messaging.manager.oracle.net.ssl_version`	Oracle net ssl version.
Oracle TLS javax.net.ssl.keyStore `streams.messaging.manager.javax.net.ssl.keyStore`	Path to keystore file if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.keyStoreType `streams.messaging.manager.javax.net.ssl.keyStoreType`	KeyStoreType type if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.keyStorePassword `streams.messaging.manager.javax.net.ssl.keyStorePassword`	KeyStorePassword if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.trustStore `streams.messaging.manager.javax.net.ssl.trustStore`	Required Path to truststore file if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.trustStoreType `streams.messaging.manager.javax.net.ssl.trustStoreType`	Required Truststore type if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.trustStorePassword `streams.messaging.manager.javax.net.ssl.trustStorePassword`	TrustStorePassword type if enabling TLS using Oracle DB.
Oracle TLS oracle.net.ssl_cipher_suites `streams.messaging.manager.oracle.net.ssl_cipher_suites`	net ssl cipher suites if enabling TLS using Oracle DB e.g. SSL_DH_DSS_WITH_DES_CBC_SHA.
Oracle TLS oracle.net.ssl_server_dn_match `streams.messaging.manager.oracle.net.ssl_server_dn_match`	ssl server domain name match if enabling TLS using Oracle DB.
Oracle TLS oracle.net.authentication_services `streams.messaging.manager.oracle.net.authentication_services`	Oracle net authentication service if enabling TLS using Oracle DB.