Configuring TLS/SSL encryption manually for Ozone HttpFS gateway

You can configure TLS/SSL encryption manually for Ozone HttpFS gateway using Cloudera Manager.

The keystores containing certificates that are bound to the proper domain names are accessible on all the hosts on which at least one Ozone role instance is running.
The hdfs user has read permissions to the keystore files for Ozone.
You must specify absolute paths to the keystore file. These settings apply to all hosts on which the various Ozone role instances run. Therefore, the paths that you specify must be valid on all the hosts. In addition, the keystore file names for Ozone must be the same on all hosts.

In Cloudera Manager, go to Ozone > Configuration.
Search for tls/ssl.
Enter the TLS/SSL properties for the various Ozone roles.
Provide the values for the properties corresponding to the following fields on the Ozone configuration page:
- Enable TLS/SSL for HttpFS Gateway
- HttpFS Gateway TLS/SSL Server JKS Keystore File Location
- HttpFS Gateway TLS/SSL Server JKS Keystore File Password
- HttpFS Gateway TLS/SSL Server JKS Keystore Key Password
- note
  Ensure that you configure the ozone.prometheus.ca.file property when configuring TLS/SSL encryption for Ozone. If the location of the root CA certificate is not specified, the location of the auto-TLS CA certificate is considered as the default value for this property.
Click Save Changes and restart the Ozone service.