TLS encryption using auto-TLS

Auto-TLS greatly simplifies the process of enabling and managing TLS encryption on your cluster.

Auto-TLS automates the creation of an internal certificate authority (CA) and deployment of certificates across all cluster hosts. It can also automate the distribution of existing certificates, such as those signed by a public CA. Adding new cluster hosts or services to a cluster with auto-TLS enabled automatically creates and deploys the required certificates.

In CDP, auto-TLS is enabled by default. CDP supports TLS 1.2.

When TLS is enabled for the Cloudera Manager Admin Console, web requests now include the Strict-Transport-Security header. For more details about this header, see "Strict-Transport-Security (Mozilla)".