Configuring TLS 1.2 for Reports Manager

Cloudera recommends that you secure the network connection between the Reports Manager and the database using TLS (Transport Layer Security) 1.2 encryption. Use the following topics to learn how to enable TLS 1.2 on Reports Manager in the database environment.

Perform the following steps to configure TLS 1.2 on the Reports Manager for communicating with the database:

  1. On the Cloudera Manager UI, navigate to Clusters > Cloudera Management Service.
  2. Select the Configuration tab and search for reportsmanager_db_safety_valve.
  3. Based on your database type, override the headlamp.db.properties file with the JDBC URL properties. Enter the appropriate values in the following format so that the connection uses TLS 1.2.
    • MySQL
      com.cloudera.headlamp.orm.hibernate.connection.url=jdbc:mysql://<DB-HOST>:<DB-PORT>/<DB_NAME>?useSSL=true&trustCertificateKeyStoreUrl=<PATH_TO_TRUSTSTORE_FILE>&trustCertificateKeyStoreType=<TRUSTSTORE_TYPE>&trustCertificateKeyStorePassword=<TRUSTSTORE_PASSWORD>&enabledTLSProtocols=TLSv1.2
      com.cloudera.headlamp.db.type=mysql
      com.cloudera.headlamp.db.host=<DB-HOST>:<DB-PORT>
      com.cloudera.headlamp.db.name=<DB_NAME>
    • MariaDB
      com.cloudera.headlamp.orm.hibernate.connection.url=jdbc:mysql://<DB-HOST>:<DB-PORT>/<DB_NAME>?useSSL=true&trustCertificateKeyStoreUrl=<PATH_TO_TRUSTSTORE_FILE>&trustCertificateKeyStoreType=<TRUSTSTORE_TYPE>&trustCertificateKeyStorePassword=<TRUSTSTORE_PASSWORD>&enabledTLSProtocols=TLSv1.2
      com.cloudera.headlamp.db.type=mariadb
      com.cloudera.headlamp.db.host=<DB-HOST>:<DB-PORT>
      com.cloudera.headlamp.db.name=<DB_NAME>
    • PostgreSQL
      com.cloudera.headlamp.orm.hibernate.connection.url=jdbc:postgresql://<DB-HOST>:<DB-PORT>/<DB_NAME>?useSSL=true&trustCertificateKeyStoreUrl=<PATH_TO_TRUSTSTORE_FILE>&trustCertificateKeyStoreType=<TRUSTSTORE_TYPE>&trustCertificateKeyStorePassword=<TRUSTSTORE_PASSWORD>
      com.cloudera.headlamp.db.type=postgresql
      com.cloudera.headlamp.db.host=<DB-HOST>:<DB-PORT>
      com.cloudera.headlamp.db.name=<DB_NAME>
    • Oracle TCPS
      com.cloudera.headlamp.orm.hibernate.connection.url=jdbc:oracle:thin:@tcps://<DB-HOST>:<DB-PORT>:<DB_NAME>?javax.net.ssl.trustStore=<PATH_TO_TRUSTSTORE_FILE>&javax.net.ssl.trustStorePassword=<TRUSTSTORE_PASSWORD>&oracle.net.ssl_server_dn_match=false
      com.cloudera.headlamp.db.type=oracle
      com.cloudera.headlamp.db.host=<DB-HOST>:<DB-PORT>
      com.cloudera.headlamp.db.name=<DB_NAME>
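
Before pasting a snippet into reportsmanager_db_safety_valve, it can be checked against the formats listed above. The following is an added example, not Cloudera code: it flags a wrong URL prefix, a missing or changed TLS parameter, leftover <PLACEHOLDER> values, and notes when oracle.net.ssl_server_dn_match=false leaves server DN matching off. The function name check_safety_valve and all sample values (host, port, database name, truststore path and password) are assumptions made for the illustration.

```python
import re

P = "com.cloudera.headlamp."
TRUST = ("trustCertificateKeyStoreUrl", "trustCertificateKeyStoreType",
         "trustCertificateKeyStorePassword")
# db.type -> (URL prefix, parameters that must have a value, parameters that must be present),
# all taken from the formats listed on this page.
RULES = {
    "mysql": ("jdbc:mysql://", {"useSSL": "true", "enabledTLSProtocols": "TLSv1.2"}, TRUST),
    "mariadb": ("jdbc:mysql://", {"useSSL": "true", "enabledTLSProtocols": "TLSv1.2"}, TRUST),
    "postgresql": ("jdbc:postgresql://", {"useSSL": "true"}, TRUST),
    "oracle": ("jdbc:oracle:thin:@tcps://", {},
               ("javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword")),
}

def check_safety_valve(text):
    """Return findings for a safety-valve snippet; an empty list means it matches the format."""
    props = dict(l.strip().split("=", 1) for l in text.splitlines()
                 if "=" in l and not l.lstrip().startswith("#"))
    db_type = props.get(P + "db.type", "")
    if db_type not in RULES:
        return [f"unknown or missing db.type {db_type!r}"]
    prefix, fixed, present = RULES[db_type]
    url = props.get(P + "orm.hibernate.connection.url", "")
    findings = [] if url.startswith(prefix) else [f"URL must start with {prefix}"]
    got = dict(p.split("=", 1) for p in url.partition("?")[2].split("&") if "=" in p)
    for name, want in fixed.items():
        if got.get(name) != want:
            findings.append(f"{name} must be {want}, found {got.get(name)!r}")
    findings += [f"missing URL parameter {n}" for n in present if not got.get(n)]
    findings += [f"unfilled placeholder in {k}" for k, v in props.items()
                 if re.search(r"<[A-Za-z_-]+>", v)]
    if got.get("oracle.net.ssl_server_dn_match") == "false":
        findings.append("note: server certificate DN matching is disabled")
    return findings

# Constructed sample values (host, port, database name, truststore path and password).
GOOD = """\
com.cloudera.headlamp.orm.hibernate.connection.url=jdbc:mysql://db.example.com:3306/rman?useSSL=true&trustCertificateKeyStoreUrl=file:/opt/example/truststore.jks&trustCertificateKeyStoreType=JKS&trustCertificateKeyStorePassword=changeit&enabledTLSProtocols=TLSv1.2
com.cloudera.headlamp.db.type=mysql
com.cloudera.headlamp.db.host=db.example.com:3306
com.cloudera.headlamp.db.name=rman
"""
# Same snippet with the protocol downgraded and the truststore password dropped.
BAD = GOOD.replace("TLSv1.2", "TLSv1.1").replace("&trustCertificateKeyStorePassword=changeit", "")

if __name__ == "__main__":
    for label, snippet in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_safety_valve(snippet) or "OK")
```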