Configuring TLS

Enable secure connections for data transfers and user access with either the Transport Layer Security (TLS) protocol or the Secure Socket Layer (SSL) protocol, which ensures access authenticity and securely protects your data.

TLS/SSL is supported between the following services:

The supported web browser and the Cloudera Observability On-Premises UI.
Telemetry Publisher and the Cloudera Observability On-Premises API.
The Cloudera Observability On-Premises UI and the Cloudera Observability On-Premises API.
The Cloudera Observability On-Premises Servers and Impala.

Configure the TLS properties based on the edge connection that you want to encrypt.

The following tables list the property settings for enabling TLS/SSL encrypted communication between the Cloudera Observability On-Premises system components:

The supported web browser connected to the Cloudera Observability On-Premises UI.
The Console Server and other REST Clients connected to the Admin API Server, the API Server, and the Databus API Server.
The Pipeline Server, the Analytic Database Server, the Entities Server, the Databus Server, and a SDX Server connected to Impala Server.

Table 1. TLS/SSL parameters for a secure connection between your browser and the Cloudera Observability On-Premises UI
Component	Property	Value
Console Server	TLS/SSL Server Private Key File (PEM)	ssl.privatekey.path
Console Server	TLS/SSL Server Certificate File (PEM)	ssl.cert.path
Console Server	TLS/SSL Private Key Password	ssl.privatekey.password
Console Server	Enable TLS/SSL	ssl.enabled

Table 2. TLS/SSL parameters for a secure connection between the Console Server and other REST clients and the Admin API Server, the API Server, and the Databus API Server
Component	Property	Value
Console Server	TLS/SSL Certificate Trust Store File	ssl.cacert.path
Admin API Server	TLS/SSL Certificate Trust Store File	ssl.trustStore.path
Admin API Server API Server Databus API Server	Enable TLS/SSL	ssl.enabled
Admin API Server API Server Databus API Server	TLS/SSL Server JKS Keystore File Location	ssl.keyStore.path
Admin API Server API Server Databus API Server	TLS/SSL Server JKS Keystore File Password	ssl.keyStore.password
Admin API Server API Server Databus API Server	TLS/SSL Server JKS Keystore Key Password	ssl.keyManager.password

Table 3. TLS/SSL parameters for a secure connection between the Pipeline Server and several other servers to the Impala Server
Component	Property	Value
Pipelines Server Analytic Database Server Entities Server Databus Server SDX Server	TLS/SSL Client Trust Store File	ssl.trustStore.path
Pipelines Server Analytic Database Server Entities Server Databus Server SDX Server	TLS/SSL Client Trust Store Password	ssl.trustStore.password