Configuring TLS/SSL for Navigator Audit Server
Cloudera Navigator supports TLS/SSL encryption for network communications between the Navigator Audit Server and clients, such as Cloudera Manager. Configuring TLS/SSL encryption for Navigator Audit Server includes three parts:
- Configure a dedicated truststore in Cloudera Manager.
  If you haven't already done this, see Step 4: Enable Agent Certificate Authentication in the Cloudera Manager TLS setup instructions.
  This step is important because Cloudera Manager won't use the JDK alternate truststore for connecting to Navigator Audit Server. An explicit truststore must be set in the Cloudera Manager configuration, and it must include the root CA certificate that signed the Navigator Audit Server's server certificate. If this configuration isn't in place, you'll see a "Server error" message when accessing the Audits tab in the Cloudera Navigator console.
- Make sure the server key and certificate are on the Navigator Audit Server host.
  When TLS is enabled for Cloudera Manager Service, the server key and certificate typically already exist on the host running the Navigator Audit Server role. If Navigator Audit Server is deployed on a separate host and the key and certificate are not present, create a keystore and truststore using the instructions in How To Obtain and Deploy Keys and Certificates for TLS/SSL.
- Use Cloudera Manager to configure Navigator Audit Server TLS settings, including pointing to the server key and certificate you identified in the previous step.
Note: After TLS/SSL is enabled, Cloudera Manager links to the Cloudera Navigator console use HTTPS rather than unencrypted HTTP. The truststore password is encrypted when passed between Cloudera Manager and Cloudera Navigator.
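A pre-flight check for the truststore requirement in the first part above, added here as an example and not taken from the Cloudera documentation: it confirms that a PEM export of the truststore contains the CA that signed the server certificate, which is the condition whose absence produces the "Server error" message. The function names, certificate subjects and file names are constructed for the demonstration, and OpenSSL 1.1.0 or later with its stock openssl.cnf is assumed.

```shell
#!/bin/sh
# Added example, not Cloudera code. Subjects, file names and functions are constructed.
# Assumes OpenSSL 1.1.0+ with its stock openssl.cnf (which marks "req -x509" output CA:TRUE).
# On a real host, export the PEM inputs first, for example:
#   keytool -list -rfc -keystore <truststore.jks>                     # CAs Cloudera Manager trusts
#   keytool -exportcert -rfc -alias <alias> -keystore <keystore.jks>  # server certificate

# make_demo_pki DIR: build a constructed root CA, a server certificate signed by it,
# and an unrelated CA that stands in for a truststore missing the right root.
make_demo_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=audit.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
  openssl x509 -req -days 1 -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/srv.pem" 2>/dev/null
}

# trusts_server_cert TRUSTSTORE_PEM SERVER_PEM
# Returns 0 only if SERVER_PEM chains to a CA in TRUSTSTORE_PEM.
# -no-CApath keeps the system CA directory out of the decision, so a pass
# reflects the truststore contents alone.
trusts_server_cert() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# report TRUSTSTORE_PEM SERVER_PEM: print a one-line verdict for an operator.
report() {
  if trusts_server_cert "$1" "$2"; then
    echo "OK:   $2 chains to a CA in $1"
  else
    echo "FAIL: no CA in $1 signed $2"
  fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
report "$demo_dir/ca.pem" "$demo_dir/srv.pem"      # truststore holds the signing root
report "$demo_dir/other.pem" "$demo_dir/srv.pem"   # truststore lacks the signing root
```
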
©2016 Cloudera, Inc. All rights reserved