Cloudera Data Engineering CLI TLS configuration
All CDE virtual cluster endpoints are configured with TLS. In non-production or on-premises environments the TLS certificates are usually signed by a non-production or non-public certificate authority (CA). In these cases, without additional configuration, the CLI tool fails as it attempts to validate the API server's TLS certificate. The CLI provides a TLS configuration when using non-public/non-production CAs.
Specify a file containing the PEM encoded public certificate(s) of the signing CA in one of the following ways:
- add the
--tls-ca-certs [***/PATH/TO/CA.PEM***]flag on the command line
- define the
tls-ca-certs: [***/PATH/TO/CA.PEM***]variable in the
- set the
Replace [***/PATH/TO/CA.PEM***] with the path to a valid
For public cloud, certificates are issued and signed by LetsEncrypt:
For internal or on-premises environments you need to obtain your CA certificates through your internal process.