Cloudera Data Engineering CLI TLS configuration
All CDE virtual cluster endpoints are configured with TLS. In non-production or on-premises environments the TLS certificates are usually signed by a non-production or non-public certificate authority (CA). In these cases, without additional configuration, the CLI tool fails as it attempts to validate the API server's TLS certificate. The CLI provides a TLS configuration when using non-public/non-production CAs.
Specify a file containing the PEM encoded public certificate(s) of the signing CA in one of the following ways:
- add the
--tls-ca-certs [***/PATH/TO/CA.PEM***]flag on the command line
- define the
tls-ca-certs: [***/PATH/TO/CA.PEM***]variable in the
- set the
Replace [***/PATH/TO/CA.PEM***] with the path to a valid
Certificates for CDE are issued and signed by LetsEncrypt and Amazon. If
you are using an older system that does not already trust these
certificate authorities, you must specify them as trusted using the
--tls-ca-certs option. Additionally, if you are using
the CDE CLI on Microsoft Windows with the
option, the operating system trusted root CAs are ignored. To make sure
that your CA certificate file includes all of the necessary certificates,
you can download the certificate chain from by doing the following:
- Go to the Cloudera Data Engineering Overview page.
- In the Environments column, select the environment containing the virtual cluster you want to interact with.
- In the Virtual Clusters column on the right, click the Cluster Details icon for the virtual cluster you want to interact with.
- Click JOBS API URL to copy the link to your clipboard.
- Paste the link into your browser and press Enter.
- In your browser, click the lock icon to view the certificate chain.
- Export the certificate chain as a Base64-encoded X.509 certificate
(.CER). Save it as