question Re: Cloudera agent SSL error in Support Questions https://community.cloudera.com/t5/Support-Questions/Cloudera-agent-SSL-error/m-p/88359#M36446 <P>Hi,</P><P>&nbsp;</P><P>Yes i have completed the steps in "Enable server certificate verification" . Please find details below,&nbsp;</P><P>&nbsp;</P><P>Note: The verifier.pem file has both RootCA and IntermediateCA certificates and cmhost.antuit.internal.pem has the signed certificate + IntermediateCA certificate</P><P>&nbsp;</P><P># A file of CA certificates in PEM format. The file can contain several CA<BR /># certificates identified by<BR />#<BR /># -----BEGIN CERTIFICATE-----<BR /># ... (CA certificate in base64 encoding) ...<BR /># -----END CERTIFICATE-----<BR />#<BR /># sequences. Before, between, and after the certificates text is allowed which<BR /># can be used e.g. for descriptions of the certificates.<BR />#<BR /># The file is loaded once, the first time an HTTPS connection is attempted. A<BR /># restart of the agent is required to pick up changes to the file.<BR />#<BR /># Note that if neither verify_cert_file or verify_cert_dir is set, certificate<BR /># verification will not be performed.<BR /><STRONG>verify_cert_file=/opt/cloudera/security/pki/verifier.pem</STRONG></P><P><BR /><STRONG>[root@cmhost pki]# openssl s_client -connect cmhost.antuit.internal:7182 -CAfile verifier.pem -cert cmhost.antuit.internal.pem -key agent.key</STRONG><BR />Enter pass phrase for agent.key:<BR />CONNECTED(00000003)<BR />depth=2 C = IN, ST = KA, L = BNG, O = Antuit, OU = DE, CN = Antuit Root CA<BR />verify return:1<BR />depth=1 C = IN, ST = KA, O = Antuit, OU = DE, CN = Antuit Inter CA<BR />verify return:1<BR />depth=0 C = IN, ST = KA, L = BNG, O = Antuit, OU = DE, CN = cmhost.antuit.internal<BR />verify return:1<BR /><STRONG>140606215886736:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:s3_pkt.c:1493:SSL alert number 46</STRONG><BR /><STRONG>140606215886736:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:</STRONG><BR />---<BR />Certificate chain<BR />0 s:/C=IN/ST=KA/L=BNG/O=Antuit/OU=DE/CN=cmhost.antuit.internal<BR />i:/C=IN/ST=KA/O=Antuit/OU=DE/CN=Antuit Inter CA<BR />1 s:/C=IN/ST=KA/O=Antuit/OU=DE/CN=Antuit Inter CA<BR />i:/C=IN/ST=KA/L=BNG/O=Antuit/OU=DE/CN=Antuit Root CA<BR />---</P> Thu, 28 Mar 2019 04:27:39 GMT chirunimmala 2019-03-28T04:27:39Z