Schema Registry TLS properties
To enable and configure TLS manually for Schema Registry, edit the security properties according to the cluster configuration.
The following table lists the Security properties for Schema Registry:
Property | Description |
---|---|
Schema Registry Port (SSL)
|
HTTPS port Schema Registry node runs on when SSL is enabled. |
Schema Registry Admin Port
(SSL)
|
HTTPS admin port Schema Registry node runs on when SSL is enabled. |
SSL KeyStore Type
|
The keystore type. It is blank by default, but required if Schema Registry's SSL is enabled. For example, PKCS12 or JKS. If it is left empty, then this keystore type comes from Cloudera Manager settings. |
SSL TrustStore Type
|
The truststore type. It is blank by default, but required if Schema Registry's SSL is enabled. For example, PKCS12 or JKS. If it is left empty, then this truststore type comes from Cloudera Manager settings. |
SSL ValidateCerts
|
Whether or not to validate TLS certificates before starting. If enabled, it refuses to start with expired or otherwise invalid certificates. |
SSL ValidatePeers
|
Whether or not to validate TLS peer certificates. |
Version of
oracle.net.ssl
|
Oracle net SSL version. |
Oracle TLS
javax.net.ssl.keyStore
|
Path to keystore file if enabling TLS using Oracle DB. |
Oracle TLS
javax.net.ssl.keyStoreType
|
KeyStoreType type if enabling TLS using Oracle DB. |
Oracle TLS
javax.net.ssl.keyStorePassword
|
KeyStorePassword if enabling TLS using Oracle DB. |
Oracle TLS
javax.net.ssl.trustStore
|
Required Path to truststore file if enabling TLS using Oracle DB. |
Oracle TLS
javax.net.ssl.trustStoreType
|
Required Truststore type if enabling TLS using Oracle DB. |
Oracle TLS
javax.net.ssl.trustStorePassword
|
TrustStorePassword type if enabling TLS using Oracle DB. |
Oracle TLS
oracle.net.ssl_cipher_suites
|
Oracle net SSL cipher suites if enabling TLS using Oracle DB, for exmaple
SSL_DH_DSS_WITH_DES_CBC_SHA . |
Oracle TLS
oracle.net.ssl_server_dn_match
|
Oracle SSL server domain name match if enabling TLS using Oracle DB. |
Enable TLS/SSL for Schema Registry Server
|
Encrypt communication between clients and Schema Registry Server using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)). |
Schema Registry Server TLS/SSL Server JKS Keystore File
Location
|
The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Schema Registry Server is acting as a TLS/SSL server. |
Schema Registry Server TLS/SSL Server JKS Keystore File
Password
|
The password for the Schema Registry Server keystore file. |
Schema Registry Server TLS/SSL Client Trust Store
File
|
The location on disk of the truststore, in .jks format, used to
confirm the authenticity of TLS/SSL servers that Schema Registry Server might connect to.
This is used when Schema Registry Server is the client in a TLS/SSL connection. This
truststore must contain the certificate(s) used to sign the service(s) connected to. If this
parameter is not provided, the default list of well-known certificate authorities is used
instead. |
Schema Registry Server TLS/SSL Client Trust Store
Password
|
The password for the Schema Registry Server TLS/SSL certificate TrustStore file. This password is not required to access the truststore; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information. |