Configuring TLS/SSL for Cloudera Management Service Roles

To enable TLS/SSL communication between Cloudera Management Service roles and both CDH services and the Cloudera Manager Server:

  1. Open the Cloudera Manager Administration Console and go to the Cloudera Management Service.
  2. Click the Configuration tab.
  3. Select Scope > Cloudera Management Service (Service-Wide).
  4. Select Category > Security.
  5. Edit the following TLS/SSL properties according to your cluster configuration.
     Property: TLS/SSL Client Truststore File Location
     Description: Path to the client truststore file used in HTTPS communication. This truststore contains certificates of trusted servers, or of Certificate Authorities trusted to identify servers. If set, this is used to verify certificates in HTTPS communication with CDH services and the Cloudera Manager Server. If not set, the default Java truststore located at $JAVA_HOME/jre/lib/security/cacerts is used to verify certificates.

     The contents of this truststore can be modified without restarting the Cloudera Management Service roles. By default, changes to its contents are picked up within ten seconds.

     Property: TLS/SSL Client Truststore File Password
     Description: Password for the client truststore file. The password for the default cacerts file is changeit.
  6. Click Save Changes to commit the changes.
  7. Restart the Cloudera Management Service. For more information, see TLS/SSL Communication Between Cloudera Manager and Cloudera Management Services.
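
A pre-flight check for the truststore entered in step 5, shown here as an added example that is not part of the Cloudera documentation: it resolves which truststore applies (the configured location, or the default cacerts path given above) and confirms that the file opens with the supplied password and holds trusted certificates. It assumes keytool is on the PATH; the function names, return codes, the TRUSTSTORE_PASS variable, and the sample path and alias are hypothetical.

```bash
# Added example, not Cloudera code. Function names, return codes and the
# TRUSTSTORE_PASS variable are hypothetical.

# Print the truststore that applies: the configured location if one is set,
# otherwise the default Java truststore named on this page.
effective_truststore() {
    ts_configured="$1"
    if [ -n "$ts_configured" ]; then
        printf '%s\n' "$ts_configured"
    else
        printf '%s\n' "${JAVA_HOME:?JAVA_HOME is not set}/jre/lib/security/cacerts"
    fi
}

# Check that the truststore opens with the password held in the exported
# variable TRUSTSTORE_PASS and contains trusted certificates; if an alias is
# given, require that entry as well.
# Returns: 0 ok, 1 unreadable file, 2 keytool missing, 3 cannot open,
#          4 no trusted certificate entries, 5 alias not present.
check_truststore() {
    ts_path="$1"
    ts_alias="${2:-}"
    [ -r "$ts_path" ] || { echo "unreadable: $ts_path" >&2; return 1; }
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 2; }
    # -storepass:env reads the password from the environment, so it does not
    # appear in the process argument list. LC_ALL=C keeps the output in English.
    ts_listing=$(LC_ALL=C keytool -list -keystore "$ts_path" \
        -storepass:env TRUSTSTORE_PASS 2>/dev/null) \
        || { echo "cannot open $ts_path (wrong password or damaged file)" >&2; return 3; }
    ts_count=$(printf '%s\n' "$ts_listing" | grep -c 'trustedCertEntry' || true)
    [ "$ts_count" -gt 0 ] || { echo "no trusted certificates in $ts_path" >&2; return 4; }
    if [ -n "$ts_alias" ]; then
        keytool -list -keystore "$ts_path" -storepass:env TRUSTSTORE_PASS \
            -alias "$ts_alias" >/dev/null 2>&1 \
            || { echo "alias $ts_alias not found in $ts_path" >&2; return 5; }
    fi
    echo "$ts_path: $ts_count trusted certificate entries"
}

# Usage (constructed path and alias):
#   export TRUSTSTORE_PASS='<truststore password>'
#   check_truststore "$(effective_truststore /opt/cloudera/security/jks/truststore.jks)" rootca
```

Run it as the account the Cloudera Management Service roles run under, so that the readability check reflects the permissions those roles will actually have.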