Schema Registry TLS properties

To enable and configure TLS manually for Schema Registry, edit the security properties according to the cluster configuration.

The following table lists the Security properties for Schema Registry:

Property Description
Schema Registry Port (SSL)
schema.registry.ssl.port
HTTPS port Schema Registry node runs on when SSL is enabled.
Schema Registry Admin Port (SSL)
schema.registry.ssl.adminPort
HTTPS admin port Schema Registry node runs on when SSL is enabled.
SSL KeyStore Type
schema.registry.ssl.keyStoreType
The keystore type. It is blank by default, but required if Schema Registry's SSL is enabled. For example, PKCS12 or JKS. If it is left empty, then this keystore type comes from Cloudera Manager settings.
SSL TrustStore Type
schema.registry.ssl.trustStoreType
The truststore type. It is blank by default, but required if Schema Registry's SSL is enabled. For example, PKCS12 or JKS. If it is left empty, then this truststore type comes from Cloudera Manager settings.
SSL ValidateCerts
schema.registry.ssl.validateCerts
Whether or not to validate TLS certificates before starting. If enabled, it refuses to start with expired or otherwise invalid certificates.
SSL ValidatePeers
schema.registry.ssl.validatePeers
Whether or not to validate TLS peer certificates.
Version of oracle.net.ssl
schema.registry.oracle.net.ssl_version
Oracle net SSL version.
Oracle TLS javax.net.ssl.keyStore
schema.registry.javax.net.ssl.keyStore
Path to keystore file if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.keyStoreType
schema.registry.javax.net.ssl.keyStoreType
KeyStoreType type if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.keyStorePassword
schema.registry.javax.net.ssl.keyStorePassword
KeyStorePassword if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.trustStore
schema.registry.javax.net.ssl.trustStore
Required Path to truststore file if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.trustStoreType
schema.registry.javax.net.ssl.trustStoreType
Required Truststore type if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.trustStorePassword
schema.registry.javax.net.ssl.trustStorePassword
TrustStorePassword type if enabling TLS using Oracle DB.
Oracle TLS oracle.net.ssl_cipher_suites
schema.registry.oracle.net.ssl_cipher_suites
Oracle net SSL cipher suites if enabling TLS using Oracle DB, for exmaple SSL_DH_DSS_WITH_DES_CBC_SHA.
Oracle TLS oracle.net.ssl_server_dn_match
schema.registry.oracle.net.ssl_server_dn_match
Oracle SSL server domain name match if enabling TLS using Oracle DB.
Enable TLS/SSL for Schema Registry Server
ssl.enable
Encrypt communication between clients and Schema Registry Server using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).
Schema Registry Server TLS/SSL Server JKS Keystore File Location
schema.registry.ssl.keyStorePath
The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Schema Registry Server is acting as a TLS/SSL server.
Schema Registry Server TLS/SSL Server JKS Keystore File Password
schema.registry.ssl.keyStorePassword
The password for the Schema Registry Server keystore file.
Schema Registry Server TLS/SSL Client Trust Store File
schema.registry.ssl.trustStorePath
The location on disk of the truststore, in .jks format, used to confirm the authenticity of TLS/SSL servers that Schema Registry Server might connect to. This is used when Schema Registry Server is the client in a TLS/SSL connection. This truststore must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
Schema Registry Server TLS/SSL Client Trust Store Password
schema.registry.ssl.trustStorePassword
The password for the Schema Registry Server TLS/SSL certificate TrustStore file. This password is not required to access the truststore; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information.