Configuring TLS/SSL encryption manually for Apache Knox
If you do not want to enable Auto-TLS because, for example, you need to use your own enterprise-generated certificates, you can manually enable TLS for Apache Knox.
- Review certificate requirements. See TLS/SSL certificate requirements and recommendations for more information.
- Review Understanding Keystores and Truststores.
- Create certificates and configure Cloudera Manager properties. See Manually Configuring TLS Encryption for Cloudera Manager for more information.
- From the Cloudera Manager site, go to Clusters > Knox.
- Click the Configuration tab.
- Enter tls in the search field. The security properties appear.
- Edit the security properties according to the cluster configuration. For a list of security properties, see the Security section in Key Trustee Server Properties in Cloudera Runtime.
- Click Save Changes.
- Restart the Knox service.