Configuring TLS/SSL for Navigator Audit Server
Cloudera Navigator supports TLS/SSL encryption for network communications between the Navigator Audit Server and its clients, such as the web browser used for the Cloudera Navigator console. Typically, TLS/SSL is configured for the entire cluster, so the server key and certificate may already exist on the host running the Navigator Audit Server role, because that role runs on the same host as Cloudera Management Server. See Configuring TLS Encryption for Cloudera Manager for more information about configuring TLS/SSL for Cloudera Manager clusters.
- Log in to the Cloudera Manager Admin Console.
- Select Clusters > Cloudera Management Service.
- Click the Configuration tab.
- Select Scope > Navigator Audit Server.
- Select Category > Security.
- Edit the following properties according to your cluster configuration.

  | Property | Description |
  |---|---|
  | Enable TLS/SSL for Navigator Audit Server | Encrypt network communications between clients and Navigator Audit Server using TLS/SSL. |
  | TLS/SSL Keystore File Location | The path to the keystore file containing the server private key and certificate. The keystore must be in JKS format. |
  | TLS/SSL Keystore File Password | The password for the Navigator Audit Server JKS keystore file. |
  | TLS/SSL Keystore Key Password | The password for the private key contained in the JKS keystore. |
  | Navigator TLS/SSL Certificate Trust Store File | The path to the trust store. The trust store is used when Navigator is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead. |
  | Navigator TLS/SSL Certificate Trust Store Password | The password for the Navigator TLS/SSL Certificate Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. |

- Click Save Changes.
- Restart the Navigator Audit Server role.
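
The following pre-flight check is an added example, not Cloudera code. It confirms that a keystore or trust store file is JKS rather than JCEKS or PKCS#12, and shows why the trust store password is optional: the file parses without it, and the password only verifies the trailing integrity digest. The function names and the sample password are made up for this example, and the sample store is constructed inline.

```python
import hashlib
import struct
from typing import Optional

JKS_MAGIC = 0xFEEDFEED        # Sun JKS container
JCEKS_MAGIC = 0xCECECECE      # JCEKS container (not JKS)
_WHITENER = b"Mighty Aphrodite"  # fixed string mixed into the JKS digest


def store_format(data: bytes) -> str:
    """Classify a keystore/trust store file by its leading bytes."""
    if len(data) >= 4:
        magic = struct.unpack(">I", data[:4])[0]
        if magic == JKS_MAGIC:
            return "JKS"
        if magic == JCEKS_MAGIC:
            return "JCEKS"
    if data[:1] == b"\x30":   # DER SEQUENCE tag, typical of PKCS#12 files
        return "PKCS12?"
    return "unknown"


def jks_digest(body: bytes, password: str) -> bytes:
    """SHA-1 over UTF-16BE password + fixed string + all bytes before the digest."""
    return hashlib.sha1(password.encode("utf-16-be") + _WHITENER + body).digest()


def check_jks(data: bytes, password: Optional[str] = None) -> dict:
    """Report format, entry count and, if a password is given, integrity."""
    result = {"format": store_format(data), "version": None,
              "entries": None, "integrity": None}
    # 12-byte header + 20-byte digest is the smallest possible JKS file.
    if result["format"] != "JKS" or len(data) < 32:
        return result
    result["version"], result["entries"] = struct.unpack(">II", data[4:12])
    # integrity stays None when no password is supplied (blank field):
    # the store is still readable, it is just not verified.
    if password is not None:
        result["integrity"] = jks_digest(data[:-20], password) == data[-20:]
    return result


def make_empty_jks(password: str) -> bytes:
    """Constructed sample input: a valid JKS container with zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(body, password)
```

To check a real file, pass its bytes to `check_jks`, for example `check_jks(open(path, "rb").read(), password)`, before entering the path in the configuration page.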