Cloudera Docs

Configuring Streams Messaging Manager to connect to TLS 1.2/TCPS-enabled databases

Learn how you can configure an existing Streams Messaging Manager service to securely connect to its database using TLS 1.2.

  • Ensure that TLS 1.2 has already been enabled on the Streams Messaging Manager database.
  • Ensure that a truststore file containing the database certificate is available on the Streams Messaging Manager hosts. Additionally, ensure that you know the location of the file and that the user Streams Messaging Manager runs as has access to the file. The default user for Streams Messaging Manager is streamsmsgmgr.
  1. From Cloudera Manager, select Streams Messaging Manager service.
  2. Go to Configuration > Streams Messaging Manager Database JDBC Url Override and enter the following configuration values depending on the database type.
    MySQL
    jdbc:mysql://[***DB HOST***]:[***DB PORT***]/[***DB NAME***]?useSSL=true&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE PASSWORD***]&enabledTLSProtocols=TLSv1.2
    PostgreSQL
    jdbc:postgresql://[***DB HOST***]:[***DB PORT***]/[***DB NAME***]?useSSL=true&trustCertificateKeyStoreUrl=file://[***TRUSTSTORE PATH***]&trustCertificateKeyStoreType=jks&trustCertificateKeyStorePassword=[***TRUSTSTORE PASSWORD***]&enabledTLSProtocols=TLSv1.2
    Oracle
    jdbc:oracle:thin:@tcps://[***DB HOST***]:[***DB PORT***]/[***DB NAME***]?javax.net.ssl.trustStore=[***TRUSTSTORE PATH***]&javax.net.ssl.trustStorePassword=[***TRUSTSTORE PASSWORD***]&oracle.net.ssl_server_dn_match=false
    • Replace [***DB HOST***], [***DB PORT***], and [***DB NAME***] with the host, port, and name of the database.
    • Replace [***TRUSTSTORE PATH***] with the full path to a truststore that contains the database certificate. The truststore must be available on the host that SMM is deployed on. Additionally, the user that the Streams Messaging Manager service runs as, default is streamsmsgmgr, must have access to the file.
    • Replace [***TRUSTSTORE PASSWORD***] with the password used to access the truststore you specify in [***TRUSTSTORE PATH***].
  3. Click Save Changes.
  4. Restart the Streams Messaging Manager service.
The Streams Messaging Manager service establishes a secure connection with its database.