Configuring SSL/TLS certificate exchange between two Cloudera Manager instances

Replication Manager configures replication peers between two clusters before it runs a replication job. You can manually set up an SSL/TLS certificate exchange between the two Cloudera Manager instances that manage the source and target clusters, respectively. Replication Manager uses this information to set up the peers for secure data replication.

  1. List the contents of the keystore file located in the source cluster Cloudera Manager.
    /usr/lib/jvm/java-openjdk-11/bin/keytool -list -keystore /var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks -storepass [***password***]
  2. Export the certificate contents to the cert.txt file.
    /usr/java/default/bin/keytool -exportcert -keystore /var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks -alias cmrootca-0 -file ./cert.txt -storepass [***truststore_pass***]
    
  3. Copy the cert.txt file to all the hosts of the target cluster Cloudera Manager securely.
    $ mv cert.txt othercert.txt
    $ scp -i [***PEM file***] othercert.txt root@[***host_ip***]:/home/
  4. Import the certificate into the keystore file on all the hosts of the target cluster Cloudera Manager.
    /usr/java/default/bin/keytool -importcert -noprompt -v -trustcacerts -keystore /var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks -alias cmrootca-1 -file ./othercert.txt -storepass [***truststore_password***]
  5. Repeat the exchange in the other direction: run steps 1 and 2 in the target cluster Cloudera Manager, copy the cert.txt file to all the hosts in the source cluster Cloudera Manager securely (step 3), and import the certificate into the keystore file on all the hosts of the source cluster Cloudera Manager (step 4).
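
Step 4 runs with -noprompt, so the truststore accepts whatever file arrived in step 3 without showing it to you. The following added example (not part of the Cloudera documentation) compares the copied file's SHA-256 fingerprint with the one computed on the exporting host before you import it; the function names cert_fingerprint and verify_before_import are hypothetical, and it assumes GNU coreutils (sha256sum, base64).

```bash
#!/usr/bin/env bash
# Added example: check a copied CA certificate before running step 4.
# Function names are hypothetical; assumes GNU coreutils.

# Print the SHA-256 fingerprint of a certificate file as colon-separated
# uppercase hex. Accepts binary DER (what "keytool -exportcert" writes
# when -rfc is not given) or a single PEM-encoded certificate.
cert_fingerprint() {
    local file=$1 hex der
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    if grep -aq -e '-----BEGIN CERTIFICATE-----' "$file"; then
        # PEM: hash the decoded DER bytes, not the base64 text.
        der=$(mktemp) || return 2
        sed -e '/^-----/d' "$file" | tr -d '\r\n' | base64 -d > "$der" \
            || { rm -f "$der"; echo "bad PEM in $file" >&2; return 2; }
        hex=$(sha256sum < "$der")
        rm -f "$der"
    else
        hex=$(sha256sum < "$file")
    fi
    hex=${hex%% *}    # drop the "  -" that sha256sum appends
    printf '%s\n' "$hex" | tr 'a-f' 'A-F' | sed -e 's/../&:/g' -e 's/:$//'
}

# Succeed only if the file's fingerprint equals the value recorded on the
# exporting host. Colons, spaces and letter case in $2 are ignored.
verify_before_import() {
    local file=$1 expected actual
    expected=$(printf '%s' "$2" | tr -d ': \n' | tr 'a-f' 'A-F')
    actual=$(cert_fingerprint "$file") || return 2
    if [ "$(printf '%s' "$actual" | tr -d ':')" = "$expected" ]; then
        echo "fingerprint matches: $actual"
    else
        echo "MISMATCH, do not import $file (got $actual)" >&2
        return 1
    fi
}

# Usage:
#   exporting host, after step 2:   cert_fingerprint cert.txt
#   importing hosts, before step 4: verify_before_import othercert.txt "<value>"
```

Pass the fingerprint to the importing hosts over a channel other than the scp copy itself, so that a file altered in transit cannot carry a matching value with it.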