Encryption in SSB
You need to configure the TLS/SSL properties for SQL Stream Builder (SSB).
Ensure that you have set up TLS for Cloudera Manager:
- Generate TLS certificates
- Configure TLS for Admin Console and Agents
- Enable server certificate verification on Agents
- Configure agent certificate authentication
- Configure TLS encryption on the agent listening port

- Click SQL Builder service on your Cluster.
- Click the Configuration tab.
- Select Category > Security.
  All the security-related properties are displayed.
- Edit the security properties according to the cluster configuration.
  - Materialized View Engine
    - Enable TLS/SSL for Materialized View Engine: Select the checkbox to encrypt communication between clients and Materialized View Engine using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).
    - Materialized View Engine TLS/SSL Server JKS Keystore File Location: Path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Materialized View Engine is acting as a TLS/SSL server. The keystore must be in JKS format.
    - Materialized View Engine TLS/SSL Server JKS Keystore File Password: Password for the Materialized View Engine JKS keystore file.
    - Materialized View Engine TLS/SSL Server JKS Keystore Key Password: Password that protects the private key contained in the JKS keystore.
    - Materialized View Engine TLS/SSL Client Trust Store File: Location of the Trust Store on disk. The Trust Store must be in JKS format. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
    - Materialized View Engine TLS/SSL Client Trust Store Password: The password for the Materialized View Engine TLS/SSL Certificate Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information.
  - Streaming SQL Console
    - Enable TLS/SSL for Streaming SQL Console: Select the checkbox to encrypt communication between clients and Streaming SQL Console using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).
    - Streaming SQL Console TLS/SSL Server Private Key File (PEM Format): Path to the TLS/SSL file containing the private key used for TLS/SSL. Used when Streaming SQL Console is acting as a TLS/SSL server. The certificate file must be in PEM format.
    - Streaming SQL Console TLS/SSL Server Certificate File (PEM Format): Path to the TLS/SSL file containing the server certificate key used for TLS/SSL. Used when Streaming SQL Console is acting as a TLS/SSL server. The certificate file must be in PEM format.
    - Streaming SQL Console TLS/SSL Server CA Certificate (PEM Format): Path to the TLS/SSL file containing the certificate of the certificate authority (CA) and any intermediate certificates used to sign the server certificate. Used when Streaming SQL Console is acting as a TLS/SSL server. The certificate file must be in PEM format, and is usually created by concatenating all of the appropriate root and intermediate certificates.
    - Streaming SQL Console TLS/SSL Private Key Password: Password for the private key in the Streaming SQL Console TLS/SSL Server Certificate and Private Key file. If left blank, the private key is not protected by a password.
    - Streaming SQL Console TLS/SSL Certificate Trust Store File: Location on disk of the trust store, in .pem format, used to confirm the authenticity of TLS/SSL servers that Streaming SQL Console might connect to. This is used when Streaming SQL Console is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
  - SQL Stream Engine
    - Enable TLS/SSL for Streaming SQL Engine: Select the checkbox to encrypt communication between clients and Streaming SQL Engine using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).
    - Streaming SQL Engine TLS/SSL Server JKS Keystore File Location: Path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Streaming SQL Engine is acting as a TLS/SSL server. The keystore must be in JKS format.
    - Streaming SQL Engine TLS/SSL Server JKS Keystore File Password: Password for the Streaming SQL Engine JKS keystore file.
    - Streaming SQL Engine TLS/SSL Server JKS Keystore Key Password: Password that protects the private key contained in the JKS keystore used when Streaming SQL Engine is acting as a TLS/SSL server.
    - Streaming SQL Engine TLS/SSL Client Trust Store File: Location on disk of the trust store, in .jks format, used to confirm the authenticity of TLS/SSL servers that Streaming SQL Engine might connect to. This is used when Streaming SQL Engine is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
    - Streaming SQL Engine TLS/SSL Client Trust Store Password: Password for the Streaming SQL Engine TLS/SSL Certificate Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information.
- Click Save Changes.
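
The properties above require JKS keystores and trust stores for the Materialized View Engine and Streaming SQL Engine, and PEM files for the Streaming SQL Console, with the private key password left blank only when the key is unencrypted. The following Python check of those file formats is an added example, not Cloudera code; the function names, file names and sample bytes are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Leading magic bytes of Java keystore formats
MAGIC = {bytes.fromhex("feedfeed"): "JKS", bytes.fromhex("cececece"): "JCEKS"}
PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def keystore_format(path):
    """Classify a keystore or trust store file by its leading bytes."""
    head = Path(path).read_bytes()[:4]
    if head in MAGIC:
        return MAGIC[head]
    if head[:1] == b"\x30":  # DER SEQUENCE, e.g. PKCS#12 (keytool default since Java 9)
        return "PKCS12/DER"
    return "PEM" if head.startswith(b"----") else "unknown"

def pem_labels(path):
    """Return the BEGIN labels of every PEM block in the file, in order."""
    return [m.decode() for m in PEM_BEGIN.findall(Path(path).read_bytes())]

def key_is_encrypted(path):
    data = Path(path).read_bytes()
    return b"BEGIN ENCRYPTED PRIVATE KEY" in data or b"Proc-Type: 4,ENCRYPTED" in data

def preflight(jks_files, key_pem, cert_pem, ca_pem, key_password_set):
    """Return findings; an empty list means every file has the required format."""
    findings = []
    for path in jks_files:  # engine keystores and trust stores must be JKS
        fmt = keystore_format(path)
        if fmt != "JKS":
            findings.append(f"{path}: expected JKS, found {fmt}")
    if not any(label.endswith("PRIVATE KEY") for label in pem_labels(key_pem)):
        findings.append(f"{key_pem}: no PEM private key block")
    elif key_is_encrypted(key_pem) != key_password_set:
        findings.append(f"{key_pem}: key encryption does not match the password field")
    for path, role in ((cert_pem, "server certificate"), (ca_pem, "CA chain")):
        labels = pem_labels(path)
        if not labels or set(labels) != {"CERTIFICATE"}:
            findings.append(f"{path}: {role} must contain only PEM CERTIFICATE blocks")
    return findings

if __name__ == "__main__":  # constructed sample files, not real key material
    import tempfile
    d = Path(tempfile.mkdtemp())
    (d / "server.jks").write_bytes(b"\x30\x82\x0a\x00")  # PKCS#12-style header
    (d / "key.pem").write_bytes(b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n")
    (d / "cert.pem").write_bytes(b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n")
    for f in preflight([d / "server.jks"], d / "key.pem", d / "cert.pem", d / "cert.pem", False):
        print(f)
```

The check reads only file headers and PEM labels; it does not open the keystore with its password or validate the certificate chain.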