Configuring TLS/SSL encryption manually for Key Trustee Server

If you do not want to enable Auto-TLS, for example because you need to use your own enterprise-generated certificates, you can manually enable TLS for Key Trustee Server.

When KTS HA is used, the properties that are available for the Active KTS are also available for the Passive KTS.

  • Review certificate requirements. See TLS/SSL certificate requirements and recommendations for more information.
  • Review Understanding Keystores and Truststores.
  • Create certificates and configure Cloudera Manager properties. See Manually Configuring TLS Encryption for Cloudera Manager for more information.
  1. From the Cloudera Manager site, go to Clusters > Key Trustee Server.
  2. Click the Configuration tab.
  3. Enter tls in the search field. The security properties appear.
  4. Edit the security properties according to the cluster configuration. For a list of security properties, see the Security section in Key Trustee Server Properties in Cloudera Runtime.
  5. Click Save Changes.
  6. Restart the Key Trustee Server service.