Troubleshooting CM Agent won't connect to CM Server after tls activation

gael__urbauer — Thu, 10 Feb 2022 06:39:18 GMT

Hi,

I am provisionning a CDP 7.1.5 cluster with CM 7.2.4 and encountered a connexion problem between the agents and cloudera manager server after tls setup through API.
There is nothing in the server log and there is the following error in the agent log.

Could you help me understand where the problem stands ? Activating further logging or doing some tests upon the provided certificates ?

Traceback (most recent call last):
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/agent.py", line 1430, in _send_heartbeat
self.cfg.max_cert_depth)
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/https.py", line 185, in __init__
self.conn.connect()
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/httpslib.py", line 69, in connect
sock.connect((self.host, self.port))
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 309, in connect
ret = self.connect_ssl()
File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 295, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: sslv3 alert certificate unknown

Regards.

Re: Troubleshooting CM Agent won't connect to CM Server after tls activation

gael__urbauer — Thu, 10 Feb 2022 12:59:02 GMT

I finally solved the problem with the help of the support.

They redirected me to Manually Configuring TLS Encryption for Cloudera Manager | 6.3.x | Cloudera Documentation

In the section 6 I had a certificate with only the "TLS Web Server Authentication" usage.

I missed the "TLS Web Client Authentication" Usage.

question Troubleshooting CM Agent won't connect to CM Server after tls activation in Support Questions

Troubleshooting CM Agent won't connect to CM Server after tls activation

Re: Troubleshooting CM Agent won't connect to CM Server after tls activation