Configuring TLS/SSL encryption manually for Apache Knox

If you do not want to enable Auto-TLS because, for example, you need to use your own enterprise-generated certificates, you can manually enable TLS for Apache Knox.

  • Review certificate requirements. See TLS/SSL certificate requirements and recommendations for more information.
  • Review Understanding Keystores and Truststores.
  • Create certificates and configure Cloudera Manager properties. See Manually Configuring TLS Encryption for Cloudera Manager for more information.
  1. From the Cloudera Manager site, go to Clusters > Knox.
  2. Click the Configuration tab.
  3. Enter tls in the search field. The security properties appear.
  4. Edit the security properties according to the cluster configuration. For a list of security properties, see the Security section in Key Trustee Server Properties in Cloudera Runtime.
  5. Click Save Changes.
  6. Restart the Knox service.