Cloudera Data Engineering CLI TLS configuration

important

The CLI in this release does not support TLS validation. You must disable TLS validation by adding the following lines to the CDE configuration file (~/.cde/config.yaml):

tls-insecure: true

All CDE virtual cluster endpoints are configured with TLS. In non-production or on-premises environments the TLS certificates are usually signed by a non-production or non-public certificate authority (CA). In these cases, without additional configuration, the CLI tool fails as it attempts to validate the API server's TLS certificate. The CLI provides a TLS configuration when using non-public/non-production CAs.

Specify a file containing the PEM encoded public certificate(s) of the signing CA in one of the following ways:

add the --tls-ca-certs [***/PATH/TO/CA.PEM***] flag on the command line
define the tls-ca-certs: [***/PATH/TO/CA.PEM***] variable in the ~/.cde/config.yaml configuration file
set the CDE_TLS_CA_CERTS environment variable

Replace [***/PATH/TO/CA.PEM***] with the path to a valid ca.pem file.

For public cloud, certificates are issued and signed by LetsEncrypt:

For internal or on-premises environments you need to obtain your CA certificates through your internal process.