Auto-TLS Requirements and Limitations

Reference information for Auto-TLS requirements, limitations, and component support.

Requirements

  • You must install the Cloudera Manager Agent software on the Cloudera Manager Server host.
  • You can enable auto-TLS using certificates created and managed by a Cloudera Manager certificate authority (CA), or certificates signed by a trusted public CA or your own internal CA. If you want to use a trusted public CA or your own internal CA, you must obtain all of the host certificates before enabling auto-TLS. For instructions on obtaining certificates from a CA, see “Manually Configuring TLS Encryption for Cloudera Manager”>“On Each Cluster Host”.

Component support for Auto-TLS

The following Cloudera Enterprise services support auto-TLS:
  • Cloudera Navigator Audit Server
  • Cloudera Navigator Metadata Server
  • HBase
  • HDFS Client Configuration
  • HDFS NameNode Web UI
  • HiveServer2
  • HttpFS
  • Hue Client
  • Hue Load Balancer
  • Hue Server
  • Impala Catalog Server
  • Impala Server
  • Impala StateStore
  • Kafka Broker Server
  • Oozie
  • Phoenix
  • Spark History Server
  • YARN Web UI

For unlisted Cloudera Enterprise services, you must enable TLS manually. See the applicable component guide for more information.