Configure ZooKeeper TLS/SSL using Cloudera Manager
ZooKeeper supports TLS/SSL encryption both between the ZooKeeper client and the ZooKeeper server and within the ZooKeeper Quorum.
The ZooKeeper TLS/SSL feature has the following limitations:
- In each ZooKeeper server process the same ZooKeeper Server KeyStore / TrustStore configuration is used for both QuorumSSL and ClientSSL.
- HTTPS for the ZooKeeper REST Admin Server is still not supported. Even if you enable SSL for ZooKeeper, the AdminServer will still use HTTP only.
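
The following is an added example, not Cloudera's or the ZooKeeper project's code. It audits a ZooKeeper server configuration for the TLS state and the two limitations listed above. It assumes the upstream Apache ZooKeeper `zoo.cfg` property names and a constructed sample configuration with placeholder paths and ports; where Cloudera Manager renders these settings is not stated on this page.

```python
# Added example: audit zoo.cfg-style settings (sample values are constructed).

SAMPLE_ZOO_CFG = """\
# constructed sample, not taken from a real cluster
clientPort=2181
secureClientPort=2182
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
sslQuorum=true
ssl.keyStore.location=/path/to/zk-keystore.jks
ssl.quorum.keyStore.location=/path/to/zk-keystore.jks
ssl.trustStore.location=/path/to/zk-truststore.jks
ssl.quorum.trustStore.location=/path/to/zk-truststore.jks
admin.enableServer=true
admin.serverPort=5181
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg):
    """Return a list of (severity, message) findings."""
    findings = []
    if "secureClientPort" not in cfg:
        findings.append(("HIGH", "no secureClientPort: clients cannot use TLS"))
    elif "clientPort" in cfg:
        findings.append(("WARN", f"plaintext clientPort {cfg['clientPort']} is still open"))
    if cfg.get("sslQuorum", "false").lower() != "true":
        findings.append(("HIGH", "sslQuorum is not true: quorum traffic is unencrypted"))
    if "Netty" not in cfg.get("serverCnxnFactory", ""):
        findings.append(("HIGH", "serverCnxnFactory is not Netty: client TLS needs it"))
    for kind in ("keyStore", "trustStore"):
        client, quorum = cfg.get(f"ssl.{kind}.location"), cfg.get(f"ssl.quorum.{kind}.location")
        if client and client == quorum:
            findings.append(("INFO", f"client and quorum share one {kind}: {client}"))
    if cfg.get("admin.enableServer", "true").lower() != "false":
        port = cfg.get("admin.serverPort", "8080")
        findings.append(("WARN", f"AdminServer on port {port} is HTTP only; restrict access"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(parse_cfg(SAMPLE_ZOO_CFG)):
        print(f"{severity:5} {message}")
```

The WARN on the AdminServer is expected even on a fully TLS-enabled server, so treat it as a reminder to restrict that port at the network layer.
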
TLS/SSL encryption is automatically enabled when AutoTLS is enabled. As a result, it is enabled by default in Data Hub cluster templates.
You can disable, enable and configure ZooKeeper TLS/SSL manually using Cloudera Manager:
The following components support ZooKeeper TLS/SSL:
- Kafka
- Oozie