Encryption in SSB
When auto-TLS is disabled for the SQL Stream Builder (SSB) service, you must manually set the TLS properties for SSB in Cloudera Manager.
Ensure that you have set up Transport Layer Security (TLS) (formerly known as Secure Socket
Layer (SSL)) for Cloudera Manager:
- Generated TLS certificates
- Configured TLS for Admin Console and Agents
- Enabled server certificate verification on Agents
- Configured agent certificate authentication
- Configured TLS encryption on the agent listening port
- Click SQL Builder service on your Cluster.
- Go to the Configuration tab.
-
Select Category > Security.
All the security related properties are displayed.
-
Edit the security properties according to the cluster configuration.
Materialized View Engine Enable TLS/SSL for Materialized View Engine Select the option to encrypt communication between clients and Materialized View Engine using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)). Materialized View Engine TLS/SSL Server JKS Keystore File Location Path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Materialized View Engine is acting as a TLS/SSL server. The keystore must be in JKS format. Materialized View Engine TLS/SSL Server JKS Keystore File Password Password for the Materialized View Engine JKS keystore file. Materialized View Engine TLS/SSL Server JKS Keystore Key Password Password that protects the private key contained in the JKS keystore. Materialized View Engine TLS/SSL Client Trust Store File Location of the truststore on disk. The truststore must be in JKS format. If this parameter is not provided, the default list of known certificate authorities is used instead. Materialized View Engine TLS/SSL Client Trust Store Password The password for the Materialized View Engine TLS/SSL Certificate truststore file. This password is not mandatory to access the truststore; this field is optional. This password provides optional integrity checking of the file. The contents of truststores are certificates, and certificates are public information. SQL Stream Engine Enable TLS/SSL for Streaming SQL Engine Select the option to encrypt communication between clients and Streaming SQL Engine using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)). Streaming SQL Engine TLS/SSL Server JKS Keystore File Location Path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Streaming SQL Engine is acting as a TLS/SSL server. The keystore must be in JKS format. Streaming SQL Engine TLS/SSL Server JKS Keystore File Password Password for the Streaming SQL Engine JKS keystore file. Streaming SQL Engine TLS/SSL Server JKS Keystore Key Password Password that protects the private key contained in the JKS keystore used when Streaming SQL Engine is acting as a TLS/SSL server. Streaming SQL Engine TLS/SSL Client Trust Store File Location on disk of the truststore, in .jks format, used to confirm the authenticity of TLS/SSL servers that Streaming SQL Engine might connect to. This is used when Streaming SQL Engine is the client in a TLS/SSL connection. This truststore must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of known certificate authorities is used instead. Streaming SQL Engine TLS/SSL Client Trust Store Password Password for the Streaming SQL Engine TLS/SSL Certificate Trust Store file. This password is not mandatory to access the trust store; this field is optional. This password provides optional integrity checking of the file. The contents of truststores are certificates, and certificates are public information. - Click Save Changes.