TLS/SSL settings for Streams Messaging Manager

To enable TLS/SSL settings for Streams Messaging Manager (SMM), you need to configure SMM server properties, SMM UI properties, and SMM Server’s Oracle TLS connection properties in Cloudera Manager according to the cluster configuration.

Properties Description
SMM server properties
Enable TLS/SSL for Streams Messaging Manager Rest Admin Server

ssl.enable

Encrypt communication between clients and Streams Messaging Manager Rest Admin Server using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).
Streams Messaging Manager port (SSL)

streams.messaging.manager.ssl.port

HTTPS port Streams Messaging Manager rest server runs on when SSL is enabled.
Streams Messaging Manager Admin Port (SSL)

streams.messaging.manager.ssl.adminPort

HTTPS admin port Streams Messaging Manager rest server runs on when SSL is enabled.
SSL Keystore Type

streams.messaging.manager.ssl.keyStoreType

The keystore type. Required if Streams Messaging Manager rest server's SSL is enabled. e.g. PKCS12 or JKS. If it is left empty then the keystore type will come from CM settings.
SSL TrustStore Type

streams.messaging.manager.ssl.trustStoreType

The truststore type. Required if streams messaging manager's ssl is enabled. e.g. PKCS12 or JKS. If it is left empty then the keystore type will come from CM settings.
Streams Messaging Manager Rest Admin Server TLS/SSL Server JKS Keystore File Location

streams.messaging.manager.ssl.keyStorePath

The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Streams Messaging Manager Rest Admin Server is acting as a TLS/SSL server.
Streams Messaging Manager Rest Admin Server TLS/SSL Server JKS Keystore File Password The password for the Streams Messaging Manager Rest Admin Server keystore file.
Streams Messaging Manager Rest Admin Server TLS/SSL Server JKS Keystore Key Password The password that protects the private key contained in the keystore used when Streams Messaging Manager Rest Admin Server is acting as a TLS/SSL server.
Streams Messaging Manager Rest Admin Server TLS/SSL Client Trust Store File

streams.messaging.manager.ssl.trustStorePath

The location on disk of the trust store used to confirm the authenticity of TLS/SSL servers that Streams Messaging Manager Rest Admin Server might connect to. This is used when Streams Messaging Manager Rest Admin Server is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
Streams Messaging Manager Rest Admin Server TLS/SSL Client Trust Store Password The password for the Streams Messaging Manager Rest Admin Server TLS/SSL Certificate Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information.
Cloudera Manager Metrics TrustStore Type

cm.metrics.truststore.type

Cloudera Manager's truststore type. If it is left empty then the keystore type will come from CM settings. If it is left empty then the keystore type will come from CM settings.
SSL ValidateCerts

streams.messaging.manager.ssl.validateCerts

Whether or not to validate TLS certificates before starting. If enabled, it will refuse to start with expired or otherwise invalid certificates.
SSL validatePeers

streams.messaging.manager.ssl.validatePeers

Whether or not to validate TLS peer certificates.
SMM UI properties
Enable TLS/SSL for Streams Messaging Manager UI Server

streams.messaging.manager.ui.ssl.enable

Encrypt communication between clients and Streams Messaging Manager UI Server using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).
Streams Messaging Manager UI Server TLS/SSL Server Private Key File (PEM Format)

streams.messaging.manager.ui.ssl.private.key.location

The path to the TLS/SSL file containing the private key used for TLS/SSL. Used when Streams Messaging Manager UI Server is acting as a TLS/SSL server. The certificate file must be in PEM format.
Streams Messaging Manager UI Server TLS/SSL Server Certificate File (PEM Format)

streams.messaging.manager.ui.ssl.cert.location

The path to the TLS/SSL file containing the server certificate key used for TLS/SSL. Used when Streams Messaging Manager UI Server is acting as a TLS/SSL server. The certificate file must be in PEM format.
Streams Messaging Manager UI Server TLS/SSL Server CA Certificate (PEM Format)

streams.messaging.manager.ui.ssl.ca.cert.location

The path to the TLS/SSL file containing the certificate of the certificate authority (CA) and any intermediate certificates used to sign the server certificate. Used when Streams Messaging Manager UI Server is acting as a TLS/SSL server. The certificate file must be in PEM format, and is usually created by concatenating all of the appropriate root and intermediate certificates.
Streams Messaging Manager UI Server TLS/SSL Private Key Password The password for the private key in the Streams Messaging Manager UI Server TLS/SSL Server Certificate and Private Key file. If left blank, the private key is not protected by a password.
Streams Messaging Manager UI Server TLS/SSL Certificate Trust Store File

streams.messaging.manager.ui.ssl.trust.store.location

The location on disk of the trust store, in .pem format, used to confirm the authenticity of TLS/SSL servers that Streams Messaging Manager UI Server might connect to. This is used when Streams Messaging Manager UI Server is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead.
SMM server’s Oracle TLS connection properties
Enable TLS with Oracle DB

streams.messaging.manager.enable.TLS.Oracle

Enable TLS with Oracle as DB for Schema Registry.
Oracle.net.ssl_version

streams.messaging.manager.oracle.net.ssl_version

Oracle net ssl version.
Oracle TLS javax.net.ssl.keyStore

streams.messaging.manager.javax.net.ssl.keyStore

Path to keystore file if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.keyStoreType

streams.messaging.manager.javax.net.ssl.keyStoreType

KeyStoreType type if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.keyStorePassword

streams.messaging.manager.javax.net.ssl.keyStorePassword

KeyStorePassword if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.trustStore

streams.messaging.manager.javax.net.ssl.trustStore

Required Path to truststore file if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.trustStoreType

streams.messaging.manager.javax.net.ssl.trustStoreType

Required Truststore type if enabling TLS using Oracle DB.
Oracle TLS javax.net.ssl.trustStorePassword

streams.messaging.manager.javax.net.ssl.trustStorePassword

TrustStorePassword type if enabling TLS using Oracle DB.
Oracle TLS oracle.net.ssl_cipher_suites

streams.messaging.manager.oracle.net.ssl_cipher_suites

net ssl cipher suites if enabling TLS using Oracle DB e.g. SSL_DH_DSS_WITH_DES_CBC_SHA.
Oracle TLS oracle.net.ssl_server_dn_match

streams.messaging.manager.oracle.net.ssl_server_dn_match

ssl server domain name match if enabling TLS using Oracle DB.
Oracle TLS oracle.net.authentication_services

streams.messaging.manager.oracle.net.authentication_services

Oracle net authentication service if enabling TLS using Oracle DB.