https://community.cloudera.com/t5/Support-Questions/How-to-create-SAM-service-pool-for-secured-Ambari-server/m-p/222132#M184006 <P>I did created a truststore for queue manager view. But I believe although the truststore is located on Ambari server, by importing Ambari HTTPS cert to the store it is actually used by Ambari views to connect to Ambari HTTPS server. It is not really for other client like SAM. </P> Fri, 18 Aug 2017 21:26:56 GMT qiwang 2017-08-18T21:26:56Z https://community.cloudera.com/t5/Support-Questions/How-to-create-SAM-service-pool-for-secured-Ambari-server/m-p/222129#M184003 <P>Try to create a service pool in SAM from a secured cluster with secured Ambari server. Ambari HTTPS is done using self generated certificates. The webUI could be access with following url</P><P>https://[AMBARI_HOST]:8443/#/main/dashboard/metrics</P><P>When putting the following url in creating service pool WebUI in SAM</P><P>https://[AMBARI_HOST]:8443/api/v1/clusters/[AMBARI_CLUSTER_NAME]</P><PRE>javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target </PRE><P>Is there a truststore location for SAM or should I just import the cert to Java truststore?</P> Fri, 16 Sep 2022 12:06:43 GMT https://community.cloudera.com/t5/Support-Questions/How-to-create-SAM-service-pool-for-secured-Ambari-server/m-p/222129#M184003 qiwang 2022-09-16T12:06:43Z https://community.cloudera.com/t5/Support-Questions/How-to-create-SAM-service-pool-for-secured-Ambari-server/m-p/222130#M184004 <A rel="user" href="https://community.cloudera.com/users/3090/qiwang.html" nodeid="3090">@Qi Wang</A><P>Have you setup a truststore and then trust SAM as an application that can connect to Ambari? I have not set this up but not setting up a truststore and "trusting" SAM can be a reason for your error. Check troubleshooting in the following link:<BR /><BR /><A href="https://community.hortonworks.com/articles/39865/enabling-https-for-ambariserver-and-troubleshootin.html" target="_blank">https://community.hortonworks.com/articles/39865/enabling-https-for-ambariserver-and-troubleshootin.html</A></P> Fri, 18 Aug 2017 05:01:13 GMT https://community.cloudera.com/t5/Support-Questions/How-to-create-SAM-service-pool-for-secured-Ambari-server/m-p/222130#M184004 mqureshi 2017-08-18T05:01:13Z https://community.cloudera.com/t5/Support-Questions/How-to-create-SAM-service-pool-for-secured-Ambari-server/m-p/222131#M184005 <P>I am able to make it work by adding Ambari cert to SAM node's Java truststore at</P><P>JAVA_HOME/jre/lib/security/cacerts</P><P>Since the document did not mentioned it, I wonder if this is the standard practice or there is a truststore for SAM itself.</P> Fri, 18 Aug 2017 21:09:05 GMT https://community.cloudera.com/t5/Support-Questions/How-to-create-SAM-service-pool-for-secured-Ambari-server/m-p/222131#M184005 qiwang 2017-08-18T21:09:05Z https://community.cloudera.com/t5/Support-Questions/How-to-create-SAM-service-pool-for-secured-Ambari-server/m-p/222132#M184006 <P>I did created a truststore for queue manager view. But I believe although the truststore is located on Ambari server, by importing Ambari HTTPS cert to the store it is actually used by Ambari views to connect to Ambari HTTPS server. It is not really for other client like SAM. </P> Fri, 18 Aug 2017 21:26:56 GMT https://community.cloudera.com/t5/Support-Questions/How-to-create-SAM-service-pool-for-secured-Ambari-server/m-p/222132#M184006 qiwang 2017-08-18T21:26:56Z