Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not valid

Contributor

Hi All,

 

I need help here. I was at step 7 of "Level 3: Configuring the Cluster to Authenticate Agent Certificates".

But when I run this command to create a PKCS12 version of the JKS, it returns this error:

 

[root@msimaster1 pki]# keytool -importkeystore -srckeystore /opt/cloudera/security/pki/$(hostname -f)-agent.jks \
> -srcstorepass P@ssw0rd -srckeypass P@ssw0rd \
> -destkeystore /opt/cloudera/security/pki/$(hostname -f)-agent.p12 \
> -deststoretype PKCS12 -srcalias $(hostname -f)-agent -deststorepass \
> P@ssw0rd -destkeypass P@ssw0rd
Problem importing entry for alias msimaster1-agent: java.security.KeyStoreException: Key protection  algorithm not found: java.security.KeyStoreException: Certificate chain is not valid.
Entry for alias msimaster1-agent not imported.

I'm quite new to this certificate matter. I already googled this one but still can't solve the issue.

Can anyone help identify what this error means and how to solve it, please?

1 ACCEPTED SOLUTION

Contributor

Hi, I solved this issue by just retrying the step again, and it works. I think I made some mistake in generating and signing the certificate. Thanks for your help, Tomas.

4 REPLIES

Have you installed the unlimited cryptography (JCE) for Java?
Maybe the problem is that the algorithm is too strong.

Contributor

I already installed JCE for Java and already put local_policy.jar and US_export_policy.jar in $JAVA_HOME/jre/lib/security.

Do I have to change the owner or permissions of those files?

No. Then I don't know. Can you paste here all the commands you used to generate
the keystore and keys?

Contributor

Hi, I solved this issue by just retrying the step again, and it works. I think I made some mistake in generating and signing the certificate. Thanks for your help, Tomas.
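
A check that can be run on the JKS before retrying the conversion, added here as an example and not part of the thread. It assumes the "Certificate chain is not valid" message came from a chain whose certificates do not link up (a certificate's Issuer is not the next certificate's Owner), which the thread does not confirm; the function name `check_chain` and the sample listings are constructed for illustration.

```bash
# Added example (not from the thread). Input: `keytool -list -v` output in English.
# check_chain reports every place where Certificate[N]'s Issuer is not
# Certificate[N+1]'s Owner; it returns 0 when the chain links up, 1 otherwise.
check_chain() {
  awk '
    /^Certificate\[[0-9]+\]:/ { n++; next }          # start of the next chain entry
    n && /^Owner: /  { owner[n]  = substr($0, 8) }   # subject DN of entry n
    n && /^Issuer: / { issuer[n] = substr($0, 9) }   # issuer DN of entry n
    END {
      if (n == 0) { print "no certificate chain found"; exit 1 }
      bad = 0
      for (i = 1; i < n; i++)
        if (issuer[i] != owner[i + 1]) {
          printf "break after Certificate[%d]: issuer \"%s\" != next owner \"%s\"\n", i, issuer[i], owner[i + 1]
          bad = 1
        }
      exit bad
    }'
}

# Constructed sample listings (hypothetical names), trimmed to the fields used.
GOOD_LISTING='Alias name: host.example.com-agent
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=host.example.com, O=Example
Issuer: CN=Example Intermediate CA, O=Example
Certificate[2]:
Owner: CN=Example Intermediate CA, O=Example
Issuer: CN=Example Root CA, O=Example'

# Same host certificate, but the root was imported where the intermediate belongs.
BAD_LISTING='Alias name: host.example.com-agent
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=host.example.com, O=Example
Issuer: CN=Example Intermediate CA, O=Example
Certificate[2]:
Owner: CN=Example Root CA, O=Example
Issuer: CN=Example Root CA, O=Example'

# Real use (keytool prompts for the keystore password):
#   keytool -list -v -keystore "$(hostname -f)-agent.jks" \
#     -alias "$(hostname -f)-agent" | check_chain
```

A reported break points at the certificate that was signed or imported out of order, which is the step to redo before running the PKCS12 conversion again.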