Cloudera Data Engineering CLI TLS configuration
All CDE virtual cluster endpoints are configured with TLS. In non-production or on-premises environments the TLS certificates are usually signed by a non-production or non-public certificate authority (CA). In these cases, without additional configuration, the CLI tool fails because it attempts to validate the API server's TLS certificate. The CLI provides a TLS configuration when using non-public/non-production CAs.
Specify a file containing the PEM encoded public certificate(s) of the signing CA in one of the following ways:
- add the
--tls-ca-certs [***/PATH/TO/CA.PEM***]
flag on the command line - define the
tls-ca-certs: [***/PATH/TO/CA.PEM***]
variable in the~/.cde/config.yaml
configuration file - set the
CDE_TLS_CA_CERTS
environment variable
Replace [***/PATH/TO/CA.PEM***] with the path to a valid
ca.pem
file.
For public cloud, certificates are issued and signed by LetsEncrypt:
For internal or on-premises environments you need to obtain your CA certificates through your internal process.