08-17-2017 01:21 AM
I had implemented the Level 1 TLS encryption and which is working.
But, when I have implemented the Level 2 TLS encryption as per the steps given in below link
I have started getting below error.
1. In cloudera-scm-agent log
[17/Aug/2017 07:24:50 +0000] 31094 MainThread agent ERROR Heartbeating to c018-srv1.e8sec.com:7182 failed.
Traceback (most recent call last):
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.9.1-py2.6.egg/cmf/agent.py", line 1346, in _send_heartbeat
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.9.1-py2.6.egg/cmf/https.py", line 132, in __init__
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/httpslib.py", line 50, in connect
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 185, in connect
ret = self.connect_ssl()
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
SSLError: certificate verify failed
2. In Cloudera-scm-Server Log
2017-08-17 07:51:04,118 WARN 118674289@agentServer-169:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: unknown_ca
I have tried by using verify_cert_file as well as by using verify_cert_dir.
Can anybody please help me on the same, if I am missing something or anything else needed to be done to fix this issue.
I would be really thankful for any help on the same.
Solved! Go to Solution.
08-21-2017 04:57 AM
I am able to resolve this issue by setting the verify_cert_dir in /etc/cloudera-scm-agent/config.ini
I was missing the root certificate file, which I had download from CA authority and added to the verify_cert_dir.
Also, I had executed below command to verify the same.
openssl verify -verbose -CAfile <(cat cert_intermediate_ca.pem thawte_root_ca.pem) hostname.pem
It gave me message: hostname.pem: OK