To secure the transfer of sensitive information between Data Analytics Studio (DAS)
and Cloudera Manager as well as with other services within your cluster, you must enable
TLS/SSL for both Event Processor and WebApp. You can configure TLS manually using Cloudera
Manager or have it set up automatically using the “Auto-TLS” feature.
If you have Auto-TLS enabled at the cluster-level, then DAS is also configured to use
the TLS encryption. To check whether Auto-TLS is enabled for your cluster:
- Sign in to Cloudera Manager as an administrator.
- Go to .
- If Auto-TLS is enabled, the Status page displays
“Auto-TLS is Enabled.”
If Auto-TLS is not
enabled, then click Enable Auto-TLS and complete
the wizard.
If the TLS certificates are issued by your existing Certificate Authority (CA) to
maintain a centralized chain of trust, then you can manually configure TLS for DAS.
To manually configure TLS/SSL for DAS:
-
Sign in to Cloudera Manager as an administrator.
-
Go to and select Enable TLS/SSL for Data Analytics Studio
Eventprocessor and Enable TLS/SSL for Data Analytics
Studio Webapp Server.
-
Specify the location of the keystore and the truststore files and the
corresponding passwords for both DAS Event Processor and WebApp server as
explained in the following table:
Property |
Description |
Data Analytics Studio Eventprocessor TLS/SSL Server
JKS Keystore File Location |
Enter the location of the keystore file for the DAS Event
Processor. This is used when the Event Processor is the server
in a TLS/SSL connection.
The keystore must be in JKS format.
|
Data Analytics Studio Eventprocessor TLS/SSL Server
JKS Keystore File Password |
Enter the password for the Event Processor JKS keystore file.
|
Data Analytics Studio Webapp Server TLS/SSL Server
JKS Keystore File Location |
Enter the location of the keystore file for the DAS WebApp. This
is used when the WebApp is the server in a TLS/SSL
connection.
The keystore must be in JKS format.
|
Data Analytics Studio Webapp Server TLS/SSL Server
JKS Keystore File Password |
Enter the password for the WebApp JKS keystore file.
|
Data Analytics Studio Eventprocessor TLS/SSL Client
Trust Store File |
Enter the location of the truststore for the DAS Event Processor
in JKS format. This is used when the Event Processor is the
client in a TLS/SSL connection.
The truststore must contain the certificate(s) used to sign the
service(s) connected to. If this parameter is not provided, the
default list of known certificate authorities is used
instead.
|
Data Analytics Studio Eventprocessor TLS/SSL Client
Trust Store Password |
Enter the password for the Event Processor TLS/SSL Certificate
Trust Store File. This password is not mandatory to access the
truststore. If set, it checks the integrity of the file. The
contents of truststores are certificates, and certificates are
public information.
|
Data Analytics Studio Webapp Server TLS/SSL Client
Trust Store File |
Enter the location of the truststore for the DAS WebApp
in JKS format. This is used when the WebApp server is the client
in a TLS/SSL connection.
The truststore must contain the certificate(s) used to
sign the service(s) connected to. If this parameter is not
provided, the default list of known certificate authorities is
used instead.
|
Data Analytics Studio Webapp Server TLS/SSL Client
Trust Store Password |
Enter the password for the WebApp server TLS/SSL
Certificate Trust Store File. This password is not mandatory to
access the truststore. If set, it checks the integrity of the
file. The contents of truststores are certificates, and
certificates are public information.
|
-
Click Save Changes.
-
Restart the DAS service.