question Cloudera agent SSL error in Support Questions https://community.cloudera.com/t5/Support-Questions/Cloudera-agent-SSL-error/m-p/88333#M36444 <P>Hi team,</P><P>&nbsp;</P><P>I am trying to enable SSL in transit for my cloudera cluster using the document&nbsp;<A href="https://www.cloudera.com/documentation/enterprise/latest/topics/how_to_configure_cm_tls.html" target="_blank" rel="noopener">https://www.cloudera.com/documentation/enterprise/latest/topics/how_to_configure_cm_tls.html</A></P><P>&nbsp;</P><P>I am able to successfully configure till the step "Enable Server Certificate Verification on Cloudera Manager Agents" , however once i completed "Configure Agent Certificate Authentication" , i am receiving the below error and all the hosts are in bad health state, could you please help ?</P><P>&nbsp;</P><P>[27/Mar/2019 11:12:37 +0000] 1022 MainThread agent ERROR Heartbeating to cmhost.antuit.internal:7182 failed.<BR />Traceback (most recent call last):<BR />File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/agent.py", line 1388, in _send_heartbeat<BR />self.cfg.max_cert_depth)<BR />File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/https.py", line 139, in __init__<BR />self.conn.connect()<BR />File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/httpslib.py", line 80, in connect<BR />sock.connect((self.host, self.port))<BR />File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 305, in connect<BR />ret = self.connect_ssl()<BR />File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 292, in connect_ssl<BR />return m2.ssl_connect(self.ssl, self._timeout)<BR /><STRONG>SSLError: sslv3 alert certificate unknown</STRONG></P><P>&nbsp;</P><P>Notes:</P><P>-----</P><P>&nbsp;</P><P>1. I am using a private intermediate CA to sign the certificates for each host.</P><P>2. I have imported both root and intermediate CA certs into jssecacerts in the cloudera manager host&nbsp;</P><P>3. I am able to manually verify the signed certs</P><P>cat ca.cert.pem intermediate.cert.pem &gt; verify.pem</P><P>sudo openssl verify -CAfile verifier.pem cmhost.XX.YY.pem<BR />cmhost.XX.YY.pem: OK</P><P>&nbsp;</P><P>Thanks,</P><P>Chiranjeevi</P> Wed, 27 Mar 2019 11:30:37 GMT chirunimmala 2019-03-27T11:30:37Z