Configuring TLS/SSL encryption manually for Apache Knox

If you do not want to enable Auto-TLS because, for example, you need to use your own enterprise-generated certificates, you can manually enable TLS for Apache Knox.

• Review certificate requirements. See TLS/SSL certificate requirements and recommendations for more information.
• Review Understanding Keystores and Truststores.
• Create certificates and configure Cloudera Manager properties. See Manually Configuring TLS Encryption for Cloudera Manager for more information.

1. From the Cloudera Manager site, go to Clusters > Knox.
2. Click the Configuration tab.
3. Enter tls in the search field. The security properties appear.
4. Edit the security properties according to the cluster configuration. For a list of security properties, see the Security section in Key Trustee Server Properties in Cloudera Runtime.
5. Click Save Changes.
6. Restart the Knox service.