When 'ssl.enabled' is true, the following properties need to be set in cdap-security.xml. The entire cdap-security.xml file was missing from /etc/cdap/conf.
Note: the 4th, 5th, 7th, and 8th configurations were present in the cdap-site.xml.
For more details about the cdap-security.xml file, see:
Specifically, "It should be owned and readable only by the CDAP user."