Cloudera Data Engineering CLI TLS configuration

All CDE virtual cluster endpoints are configured with TLS. In non-production or on-premises environments the TLS certificates are usually signed by a non-production or non-public certificate authority (CA). In these cases, without additional configuration, the CLI tool fails as it attempts to validate the API server's TLS certificate. The CLI provides a TLS configuration when using non-public/non-production CAs.

Specify a file containing the PEM encoded public certificate(s) of the signing CA in one of the following ways:

  • add the --tls-ca-certs [***/PATH/TO/CA.PEM***] flag on the command line
  • define the tls-ca-certs: [***/PATH/TO/CA.PEM***] variable in the ~/.cde/config.yaml configuration file
  • set the CDE_TLS_CA_CERTS environment variable

Replace [***/PATH/TO/CA.PEM***] with the path to a valid ca.pem file.

For public cloud, certificates are issued and signed by LetsEncrypt:

For internal or on-premises environments you need to obtain your CA certificates through your internal process.