Configuring TLS/SSL encryption manually for DAS using Cloudera Manager

To secure the transfer of sensitive information between Data Analytics Studio (DAS) and Cloudera Manager as well as with other services within your cluster, you must enable TLS/SSL for both Event Processor and WebApp. You can configure TLS manually using Cloudera Manager or have it set up automatically using the “Auto-TLS” feature.

If you have Auto-TLS enabled at the cluster-level, then DAS is also configured to use the TLS encryption. To check whether Auto-TLS is enabled for your cluster:
  1. Sign in to Cloudera Manager as an administrator.
  2. Go to Administration > Security.
  3. If Auto-TLS is enabled, the Status page displays “Auto-TLS is Enabled.

    If Auto-TLS is not enabled, then click Enable Auto-TLS and complete the wizard.

If the TLS certificates are issued by your existing Certificate Authority (CA) to maintain a centralized chain of trust, then you can manually configure TLS for DAS. To manually configure TLS/SSL for DAS:

  1. Sign in to Cloudera Manager as an administrator.
  2. Go to Clusters > $Data Analytics Studio service > Configuration and select Enable TLS/SSL for Data Analytics Studio Eventprocessor and Enable TLS/SSL for Data Analytics Studio Webapp Server.
  3. Specify the location of the keystore and the truststore files and the corresponding passwords for both DAS Event Processor and WebApp server as explained in the following table:
    Property Description
    Data Analytics Studio Eventprocessor TLS/SSL Server JKS Keystore File Location

    Enter the location of the keystore file for the DAS Event Processor. This is used when the Event Processor is the server in a TLS/SSL connection.

    The keystore must be in JKS format.

    Data Analytics Studio Eventprocessor TLS/SSL Server JKS Keystore File Password

    Enter the password for the Event Processor JKS keystore file.

    Data Analytics Studio Webapp Server TLS/SSL Server JKS Keystore File Location

    Enter the location of the keystore file for the DAS WebApp. This is used when the WebApp is the server in a TLS/SSL connection.

    The keystore must be in JKS format.

    Data Analytics Studio Webapp Server TLS/SSL Server JKS Keystore File Password

    Enter the password for the WebApp JKS keystore file.

    Data Analytics Studio Eventprocessor TLS/SSL Client Trust Store File

    Enter the location of the truststore for the DAS Event Processor in JKS format. This is used when the Event Processor is the client in a TLS/SSL connection.

    The truststore must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of known certificate authorities is used instead.

    Data Analytics Studio Eventprocessor TLS/SSL Client Trust Store Password

    Enter the password for the Event Processor TLS/SSL Certificate Trust Store File. This password is not mandatory to access the truststore. If set, it checks the integrity of the file. The contents of truststores are certificates, and certificates are public information.

    Data Analytics Studio Webapp Server TLS/SSL Client Trust Store File

    Enter the location of the truststore for the DAS WebApp in JKS format. This is used when the WebApp server is the client in a TLS/SSL connection.

    The truststore must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of known certificate authorities is used instead.

    Data Analytics Studio Webapp Server TLS/SSL Client Trust Store Password

    Enter the password for the WebApp server TLS/SSL Certificate Trust Store File. This password is not mandatory to access the truststore. If set, it checks the integrity of the file. The contents of truststores are certificates, and certificates are public information.

  4. Click Save Changes.
  5. Restart the DAS service.