Configuring TLS/SSL encryption manually for Zeppelin

You can enable TLS manually for the Apache Zeppelin Server.

  1. In Cloudera Manager, select the Zeppelin service from the Clusters drop-down menu.
  2. In the Configuration tab, enter tls into the search box.
  3. Edit the following property fields as needed for your cluster and environment:
    Property Description
    Enable TLS/SSL for Zeppelin Server Encrypt communication between clients and Zeppelin Server using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).
    Zeppelin Server TLS/SSL Server JKS Keystore File Location The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Zeppelin Server is acting as a TLS/SSL server. The keystore must be in JKS format.
    Zeppelin Server TLS/SSL Server JKS Keystore File Password The password for the Zeppelin Server JKS keystore file.
    Zeppelin Server TLS/SSL Trust Store File The location on disk of the trust store, in .jks format, used to confirm the authenticity of TLS/SSL servers that Zeppelin Server might connect to. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
    Zeppelin Server TLS/SSL Trust Store Password The password for the Zeppelin Server TLS/SSL Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information.
  4. Click Save Changes.
  5. Restart the Zeppelin service.