Auto-TLS Requirements and Limitations
Reference information for Auto-TLS requirements, limitations, and component support.
Requirements
- You must install the Cloudera Manager Agent software on the Cloudera Manager Server host.
- You can enable auto-TLS using certificates created and managed by a Cloudera
Manager certificate authority (CA), or certificates signed by a trusted
public CA or your own internal CA. If you want to use a trusted public CA or
your own internal CA, you must obtain all of the host certificates before
enabling auto-TLS. For instructions on obtaining certificates from a CA, see
Manually Configuring TLS Encryption for Cloudera Manager
>On Each Cluster Host
.
Component support for Auto-TLS
-
The following Cloudera Enterprise services support auto-TLS:
Cloudera Enterprise Components that Support Auto-TLS HBase Impala StateStore HDFS Client Configuration Kafka Broker Server HDFS NameNode Web UI Cloudera Navigator Audit Server HiveServer2 Cloudera Navigator Metadata Server HttpFS Oozie Hue Client Phoenix Hue Load Balancer Spark History Server Hue Server YARN Web UI Impala Catalog Server
For unlisted Cloudera Enterprise services, you must enable TLS manually. See the applicable component guide for more information.
