Reply
Highlighted
Posts: 3
Topics: 1
Kudos: 0
Solutions: 0
Registered: ‎05-15-2017

[SSLError: unexpected eof] error while configuring tls level 3. (Upto level 2 its working fine.)

CDH : 5.11

OS : centos 6.7

Facing Issue while configuring tls level 3 Data in transit encription.

 

*Upto level 2 (enabling agent Hosts to Authenticate the CM) its working fine.

* Using keystore for agents and checked :

    - presence of clientAuth , serverAuth extension in certs

    - Also checked the md5 hash of the certs and agent.key exported from the keystore and they were equal

    - Imported rootCA and IntermediateCA certs into truststore jssecacerts on each host.

    - Also concatnated intermediate CA cert into each agent/server cert.

 

agent/config.ini: (checked the permision and ownership of these files)

------------

use_tls=1

verify_cert_file=/opt/cloudera/security/pki/rootca.cert.pem

client_key_file=/opt/cloudera/security/pki/agent.key

client_keypw_file=/etc/cloudera-scm-agent/agentkey.pw

client_cert_file=/opt/cloudera/security/pki/agent.cert.pem

 

Agent logs:

------------------

[15/May/2017 11:23:53 +0000] 3680 MainThread agent ERROR Heartbeating to mgmt1.sourabh-test.com:7182 failed.
Traceback (most recent call last):
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.11.0-py2.6.egg/cmf/agent.py", line 1356, in _send_heartbeat
self.max_cert_depth)
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.11.0-py2.6.egg/cmf/https.py", line 134, in __init__
self.conn.connect()
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/httpslib.py", line 50, in connect
self.sock.connect((self.host, self.port))
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 185, in connect
ret = self.connect_ssl()
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
return m2.ssl_connect(self.ssl)
SSLError: unexpected eof

 

cloudera server logs:

-------------------------------

2017-05-15 11:24:08,085 WARN 1726433288@agentServer-19:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2017-05-15 11:24:08,137 WARN 1726433288@agentServer-19:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2017-05-15 11:24:08,376 WARN 1726433288@agentServer-19:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2017-05-15 11:24:08,515 WARN 1726433288@agentServer-19:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2017-05-15 11:24:08,935 WARN 1726433288@agentServer-19:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2017-05-15 11:24:22,219 WARN 1726433288@agentServer-19:org.mortbay.log: 

 

Any kind of input would be grateful. 

 

Posts: 3
Topics: 1
Kudos: 0
Solutions: 0
Registered: ‎05-15-2017

Re: [SSLError: unexpected eof] error while configuring tls level 3. (Upto level 2 its working fine.)

Or can someone point here it there a way to test connectity to Cloudera Agent processes ,like we can do for cloudera manager ?

----

openssl  s_client -connect  manager.domain.com:7183 -CAfile /opt/cloudera/security/pki/rootca.cert.pem

Announcements