Configuring TLS/SSL encryption manually for Apache Knox

If you do not want to enable Auto-TLS because, for example, you need to use your own enterprise-generated certificates, you can manually enable TLS for Apache Knox.

  • Review certificate requirements. See TLS/SSL certificate requirements and recommendations for more information.
  • Review Understanding Keystores and Truststores.
  • Create certificates and configure Cloudera Manager properties. See Manually Configuring TLS Encryption for Cloudera Manager for more information. TLS encryption for the Cloudera Manager Admin Console must be configured before you enable TLS encryption for Knox.

  1. From the Cloudera Manager site, go to Clusters > Knox.
  2. Click the Configuration tab.
  3. Enter tls in the search field. The security properties appear.
  4. Edit the security properties according to the cluster configuration. For a list of security properties, see the Security section in Key Trustee Server Properties in Cloudera Runtime.
  5. Click Save Changes.
  6. Restart the Knox service.
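
After the restart, you can confirm that the gateway serves the enterprise certificate. The script below is an added example, not part of the Cloudera procedure. KNOX_HOST, KNOX_PORT (8443, the Apache Knox gateway default, is assumed) and CA_FILE (a PEM bundle holding your enterprise CA chain) are assumptions to set for your cluster.

```shell
#!/bin/sh
# Added example: verify the certificate Knox presents after TLS is enabled.
# Assumed inputs (not from the original page): KNOX_HOST, KNOX_PORT, CA_FILE.

# fetch_server_cert HOST PORT
# Writes the leaf certificate presented by HOST:PORT to stdout as PEM.
fetch_server_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# check_cert CERT_PEM CA_PEM [MIN_DAYS]
# Returns 0 if CERT_PEM chains to a CA in CA_PEM and remains valid for at
# least MIN_DAYS (default 30); 1 if the chain is not trusted; 2 if the
# certificate expires within MIN_DAYS.
# CA_PEM must contain the root and any intermediate CA certificates.
# openssl verify may also consult the system CA directory; add -no-CApath
# (OpenSSL 1.1.0 and later) to trust CA_PEM only.
check_cert() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || return 1
  openssl x509 -in "$1" -noout \
    -checkend "$(( ${3:-30} * 86400 ))" >/dev/null 2>&1 || return 2
  return 0
}

# Runs only when KNOX_HOST is set, for example:
#   KNOX_HOST=knox.example.com CA_FILE=/path/to/enterprise-ca.pem sh check.sh
if [ -n "${KNOX_HOST:-}" ]; then
  cert=$(mktemp)
  fetch_server_cert "$KNOX_HOST" "${KNOX_PORT:-8443}" >"$cert"
  rc=0
  check_cert "$cert" "$CA_FILE" 30 || rc=$?
  case "$rc" in
    0) echo "OK: certificate chains to CA_FILE and is valid for 30+ days" ;;
    1) echo "FAIL: certificate does not chain to CA_FILE" ;;
    2) echo "WARN: certificate expires within 30 days" ;;
  esac
  rm -f "$cert"
  exit "$rc"
fi
```

A result of 1 usually means the gateway is still serving a different certificate than the one you configured, or that CA_FILE is missing an intermediate CA.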