Configuring SSL/TLS certificate exchange between two Cloudera Manager instances
You must manually set up an SSL/TLS certificate exchange between the two Cloudera Manager instances that manage the source and target clusters, respectively. Replication Manager uses this information to set up the peers for secure data replication.
When the source Cloudera Manager is configured for high availability and is Auto-TLS enabled, the certificate exchange is initiated from the source cluster to the target cluster, with the certificate exported from the load balancer node of the source cluster.
- Go to the truststore location in source Cloudera Manager, and perform the following steps:
- Go to the truststore location in target Cloudera Manager, and perform the following steps:
  - List the contents of the keystore file with its password using the [***KEYTOOL PATH***] -list -keystore [***TRUSTSTORE JKS FILE LOCATION ***] -storepass [***TRUSTSTORE PASSWORD***] command.
  - Export the certificate contents in the host to a file using the [***KEYTOOL***] -exportcert -keystore [***TRUSTSTORE JKS FILE LOCATION ***] -alias [***CM ALIAS ON DEST CM***] -file ./[***TXT file, for example: dest-cert.txt***] -storepass [***TRUSTSTORE_PASSWORD***] command.
  - Securely copy the text file to all the hosts of the source cluster Cloudera Manager using the scp -i [***PEM FILE***] [***TXT file - dest-cert.txt***] root@[***HOST IP***]:/home/ command.
  - Import the certificate into the keystore file on all the hosts of the source Cloudera Manager using the [***KEYTOOL***] -importcert -noprompt -v -trustcacerts -keystore [***TRUSTSTORE JKS FILE LOCATION ***] -alias [***CM ALIAS ON SRC CM***] -file ./[***TXT file - dest-cert.txt***] -storepass [***TRUSTSTORE PASSWORD***] command.
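
An integrity check for the copy-then-import steps above, as an added example that is not part of the Cloudera documentation: because -importcert is run with -noprompt, nothing asks the operator to confirm the certificate, so this compares the SHA-256 fingerprint of the copied file with the value read on the originating host (for example from keytool -list -v) before the import runs. The function names and the file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: check a copied certificate file against a known fingerprint
# before importing it. Function names are hypothetical, not Cloudera tooling.

# Print the SHA-256 fingerprint of a certificate file as AA:BB:..., the form
# keytool displays. keytool -exportcert writes DER unless -rfc is given (PEM).
cert_fingerprint() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if LC_ALL=C grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        # PEM: hash the decoded DER bytes, not the armored text. A decode
        # failure yields a different digest, so the comparison fails closed.
        digest=$(sed -e '/-----BEGIN CERTIFICATE-----/d' \
                     -e '/-----END CERTIFICATE-----/d' "$1" |
                 tr -d '\r\n ' | base64 -d | sha256sum)
    else
        digest=$(sha256sum < "$1")
    fi
    printf '%s\n' "${digest%% *}" | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# Return 0 only when the file's fingerprint equals the expected value.
# The expected value may be given with or without colons, in either case.
verify_cert() {
    actual=$(cert_fingerprint "$1") || return 2
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    got=$(printf '%s' "$actual" | tr -d ':')
    if [ "${#want}" -eq 64 ] && [ "$got" = "$want" ]; then
        echo "OK $1 $actual"
    else
        echo "MISMATCH $1: file has $actual" >&2
        return 1
    fi
}

# Usage on each receiving host (file name as in the steps above):
#   verify_cert ./dest-cert.txt "<SHA-256 fingerprint read on the origin host>" \
#     && echo "fingerprint matches, continue with the -importcert step"
```

The expected fingerprint should reach the receiving host by a path other than the scp transfer itself, otherwise the comparison only detects accidental corruption.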
- Import the S3G CA certificate from the cluster to the local JDK path using the following commands: