Enabling Hue as a TLS/SSL server using Cloudera Manager
You can use Cloudera Manager to enable TLS/SSL for the Hue server.
- Log in to Cloudera Manager as an Administrator.
- Go to Clusters > Hue service > Configuration and filter by SCOPE > Hue Server and CATEGORY > Security.
-
Edit the following Hue TLS/SSL properties according to your cluster configuration:
- Enable TLS/SSL for Hue: Select the check box to encrypt communication between clients and Hue with TLS/SSL.
- Hue TLS/SSL Server Certificate File (PEM Format)
ssl_certificate: Specifies the path to the TLS/SSL certificate on the
host that is running the Hue web server.
Ensure that you include the complete chain in the ssl_certificate PEM file.
The order of the certificates should be as follows from the top to bottom: server, intermediate, root.
If there are multiple intermediate CA certificates, then you must add them in the correct order. For example:Subject: CN=Hue Server Certificate Issuer: CN=Intermediate 2 Subject: CN=Intermediate 2 Issuer: CN=Intermediate 1 Subject: CN=Intermediate 1 Issuer: CN=RootCA Subject: CN=RootCA Issuer: CN=RootCA
- Hue TLS/SSL Server Private Key File (PEM Format) ssl_private_key: Specifies the path to the TLS/SSL private key on the host running the Hue web server.
- Hue TLS/SSL Private Key Password ssl_password: Specifies the password for the private key in the Hue TLS/SSL Server Certificate and Private Key file.
- Hue TLS/SSL Server CA Certificate (PEM Format) ssl_cacerts: Specifies the path to the TLS/SSL certificate authority root certificate on the host that is running the Hue web server.
-
Add the path to the certificate chain PEM file in
[desktop]
section of the Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini field:[desktop] ssl_certificate_chain=/[***PATH***]/[***TO***]/[***FULL-CHAIN***].pem
- Click Save Changes.
- Select Actions > Restart to restart the Hue service.
chmod 644 [***PATH-WHERE-SSL-FILES-FOR-HUE-ARE-LOCATED***]