Securing database connections with TLS/SSL

Hue uses different clients to communicate with each database internally. Client-specific options, such as secure connectivity can be configured using Cloudera Manager.

  1. Log in to Cloudera Manager as an administrator.
  2. Go to Clusters > $Hue service > Configuration and add the following section in the Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini field:
    [desktop] 
      [[database]] 
        … 
        options={"ssl":{"ca":"/tmp/ca-cert.pem"}}
    This identifies the Certificate Authority (CA) certificate for the backend database. You can also identify public and private keys as follows:
    options='{"ssl": {"ca": "/tmp/newcerts2/ca.pem", "key": "/tmp/newcerts2/client-key.pem", "cert": “/tmp/newcerts2/client-cert.pem"}}'
  3. Click Save Changes.
  4. Restart the Hue service.