Manually Configuring TLS Encryption on the Agent Listening Port
The agent listening port (TCP Port 9000) of a Cloudera Manager Agent can be secured with TLS. This port is used for retrieving diagnostic and log information.
- The following properties must be defined in the config.ini file of the Cloudera Manager Agent: use_tls=1, verify_cert_file, client_cert_file, client_key_file, and client_keypw_file. For details, see Agent Configuration File.
- An encryption key must be configured.
- A certificate must be configured.
The main requirement for the Cloudera Manager Server to connect with TLS to the agent listening port is as follows:
openssl s_client -connect <hostname>:9000

If the output of this command includes a server certificate in PEM format, then the port is secured with TLS.
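The following is an added example, not part of the original page and not Cloudera's code: a Python check that an agent's config.ini defines the properties listed above and that the files they point to exist. The file-existence and permission checks, the `[Security]` section name in the sample, and all file names are assumptions of this example.

```python
import configparser
import os
import stat
import tempfile

# Property names come from the page; the checks applied to them are this example's own.
PATH_KEYS = ("verify_cert_file", "client_cert_file", "client_key_file", "client_keypw_file")
SECRET_KEYS = ("client_key_file", "client_keypw_file")

def check_agent_tls(config_path):
    """Return a list of findings for the agent TLS settings (empty list = no findings)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        if not parser.read(config_path):
            return [f"cannot read {config_path}"]
    except configparser.Error as exc:
        return [f"cannot parse {config_path}: {exc}"]
    # Merge every section so that no particular section name is assumed.
    settings = {}
    for section in parser.sections():
        settings.update(parser.items(section))
    findings = []
    if settings.get("use_tls", "").strip() != "1":
        findings.append("use_tls is not set to 1")
    for key in PATH_KEYS:
        path = settings.get(key, "").strip()
        if not path:
            findings.append(f"{key} is not defined")
        elif not os.path.isfile(path):
            findings.append(f"{key} points to a missing file: {path}")
        elif key in SECRET_KEYS and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{key} is accessible by group or others: {path}")
    return findings

def demo():
    """Constructed sample: key file has mode 0644 and client_keypw_file is absent."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("ca.pem", "agent.pem", "agent.key"):
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, 0o644)
        ini = os.path.join(d, "config.ini")
        with open(ini, "w") as f:
            f.write(f"[Security]\nuse_tls=1\nverify_cert_file={d}/ca.pem\n"
                    f"client_cert_file={d}/agent.pem\nclient_key_file={d}/agent.key\n")
        return check_agent_tls(ini)

if __name__ == "__main__":
    print("\n".join(demo()))
```

An empty result only means the configuration is complete on disk; the `openssl s_client` check above is still what confirms that the port presents a certificate.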