Cloudera Enterprise 6.3.x | Other versions
Manually Configuring TLS Encryption on the Agent Listening Port
The agent listening port (TCP Port 9000) of a Cloudera Manager Agent can be secured with TLS. This port is used for retrieving diagnostic and log information.
The requirements for a Cloudera Manager Agent to enable the agent listening port are as follows:
- The following properties must be defined in the config.ini file of the Cloudera Manager Agent: use_tls=1, verify_cert_file, client_cert_file, client_key_file, and client_keypw_file. For details, see Agent Configuration File.
- An encryption key must be configured.
- A certificate must be configured.
The main requirement for the Cloudera Manager Server to connect with TLS to the agent listening port is as follows:
The Cloudera Manager TLS/SSL Client Trust Store File property must be configured to specify the CA certificate using which all the agent certificates are
signed.
Note: If either the Cloudera Manager Agent or the Cloudera Manager Server is not configured properly,
the various diagnostic capture features in Cloudera Manager could fail.
Note: If either the Cloudera Manager Agent or the Cloudera Manager Server is not configured properly,
the various diagnostic capture features in Cloudera Manager could fail.To verify whether the agent listening port is secured with TLS, run the following command:
openssl s_client -connect <hostname>:9000If the output of this command includes a server certificate in PEM format, then the port is secured with TLS.
Page generated August 29, 2019.
| << Manually Configuring TLS Encryption for Cloudera Manager | ©2016 Cloudera, Inc. All rights reserved | Manually Configuring TLS/SSL Encryption for CDH Services >> |
| Terms and Conditions Privacy Policy |