Auto-TLS Requirements and Limitations
Reference information for Auto-TLS requirements, limitations, and component support.
- You must install the Cloudera Manager Agent software on the Cloudera Manager Server host.
- You can enable auto-TLS using certificates created and managed by a Cloudera Manager certificate authority (CA), or certificates signed by a trusted public CA or your own internal CA. If you want to use a trusted public CA or your own internal CA, you must obtain all of the host certificates before enabling auto-TLS. For instructions on obtaining certificates from a CA, see “Manually Configuring TLS Encryption for Cloudera Manager”>“On Each Cluster Host”.
Component support for Auto-TLS
The following Cloudera Enterprise services support auto-TLS:
Cloudera Enterprise Components that Support Auto-TLS HBase Impala StateStore HDFS Client Configuration Kafka Broker Server HDFS NameNode Web UI Cloudera Navigator Audit Server HiveServer2 Cloudera Navigator Metadata Server HttpFS Oozie Hue Client Phoenix Hue Load Balancer Spark History Server Hue Server YARN Web UI Impala Catalog Server
For unlisted Cloudera Enterprise services, you must enable TLS manually. See the applicable component guide for more information.