https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-turn-off-2-way-SSL-authentication-for-smartsense/m-p/125241#M26804 <P>I am trying to restart my hst-agent, but it repeatedly fails with below error message:</P><PRE>ERROR 2016-05-02 03:08:20,978 security.py:78 - Two-way SSL authentication failed. Ensure that server and agent certificates were signed by the same CA and restart the agent. In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in agent configuration(hst-agent.ini) Exiting.. ERROR 2016-05-02 03:08:20,979 security.py:86 - [Errno 8] _ssl.c:492: EOF occurred in violation of protocol</PRE><P>I even tried deleting all the hst-agent keys bit still to no avail. </P><P>I am trying to setup the smartsense on my HDP 2.4 VM</P> Mon, 02 May 2016 10:23:22 GMT hduraiswamy 2016-05-02T10:23:22Z https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-turn-off-2-way-SSL-authentication-for-smartsense/m-p/125241#M26804 <P>I am trying to restart my hst-agent, but it repeatedly fails with below error message:</P><PRE>ERROR 2016-05-02 03:08:20,978 security.py:78 - Two-way SSL authentication failed. Ensure that server and agent certificates were signed by the same CA and restart the agent. In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in agent configuration(hst-agent.ini) Exiting.. ERROR 2016-05-02 03:08:20,979 security.py:86 - [Errno 8] _ssl.c:492: EOF occurred in violation of protocol</PRE><P>I even tried deleting all the hst-agent keys bit still to no avail. </P><P>I am trying to setup the smartsense on my HDP 2.4 VM</P> Mon, 02 May 2016 10:23:22 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-turn-off-2-way-SSL-authentication-for-smartsense/m-p/125241#M26804 hduraiswamy 2016-05-02T10:23:22Z https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-turn-off-2-way-SSL-authentication-for-smartsense/m-p/125242#M26805 <P>This error occurs because the md5 digest became deprecated in favor of sha256 in recent versions of Java. It is fixed in the next SmartSense HST release. <STRONG>The workaround is somewhat complicated, so we recommend you open a support case for assistance.</STRONG> If you wish to attempt it yourself, here is the process...</P><P><STRONG>WORKAROUND: </STRONG>Change the default digest to “sha256” instead of “md5” and then regenerate all certificates. Follow these steps:</P><OL> <LI>Use Ambari to stop the SmartSense service (all components)</LI><LI>Backup the old server keys on the HST Server host: cp -rp /var/lib/smartsense/hst-server/keys /var/lib/smartsense/hst-server/keys.backup</LI><LI>On the HST Server host, clean out the old keys:i. rm -f /var/lib/smartsense/hst-server/keys/ca.key<OL><LI>rm -f /var/lib/smartsense/hst-server/keys/*.csr</LI><LI>rm -f /var/lib/smartsense/hst-server/keys/*.crt</LI><LI>rm -rf /var/lib/smartsense/hst-server/keys/db/*</LI><LI>mkdir /var/lib/smartsense/hst-server/keys/db/newcerts</LI><LI>touch /var/lib/smartsense/hst-server/keys/db/index.txt</LI><LI>echo 01 &gt; /var/lib/smartsense/hst-server/keys/db/serial</LI></OL></LI><LI>Edit file /var/lib/smartsense/hst-server/keys/ca.config and change line "default_md = md5" to "default_md = sha256"</LI><LI>On <STRONG>all HST Agent hosts</STRONG>, clean out the old keys: rm -f /var/lib/smartsense/hst-agent/keys/*</LI><LI>If using the <STRONG>HST Gateway:</STRONG> <OL> <LI>Stop the gateway: hst gateway stop</LI><LI>Repeat steps 3 &amp; 4 for the files under /var/lib/smartsense/hst-gateway/keys/ on the HST Gateway host</LI><LI>Repeat step 5 for the files under /var/lib/smartsense/hst-gateway-client/keys on all HST Server host(s)</LI><LI>Start the gateway: hst gateway start</LI></OL></LI><LI>Use Ambari to start the SmartSense service (all components)</LI><LI>Verify both Ambari SmartSense service and SmartSense view shows correct number of agents registered.</LI></OL><P><STRONG>NOTE: Turning off two-way SSL is NOT recommended</STRONG> (the error message has been improved in newer versions of HST), and the<STRONG> issue occurs on hosts with following JDK versions</STRONG> or newer:</P><TABLE><TBODY><TR><TD><STRONG>JDK Family</STRONG></TD><TD><STRONG>Versions</STRONG></TD></TR><TR><TD>Oracle</TD><TD>1.8.0_71</TD></TR><TR><TD>Oracle</TD><TD>1.7.0_95</TD></TR><TR><TD>Oracle</TD><TD>1.6.0_111</TD></TR><TR><TD>OpenJDK</TD><TD>1.7.0_45</TD></TR><TR><TD>OpenJDK</TD><TD>1.8.0_40</TD></TR></TBODY></TABLE> Tue, 03 May 2016 01:25:53 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-turn-off-2-way-SSL-authentication-for-smartsense/m-p/125242#M26805 amiller 2016-05-03T01:25:53Z https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-turn-off-2-way-SSL-authentication-for-smartsense/m-p/125243#M26806 <P>Also, you can enable the md5 algorithm from your java security by changing the security setting from the file</P><PRE>JAVA_HOME/lib/security/java.security</PRE><P>and deleting the md5 algorithm from the line</P><PRE>jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize &lt; 1024 jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize &lt; 2048</PRE><P>This worked for me - but when you do this, please be mindful of the security settings that you are impacting your machine.</P> Tue, 03 May 2016 09:20:54 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-turn-off-2-way-SSL-authentication-for-smartsense/m-p/125243#M26806 hduraiswamy 2016-05-03T09:20:54Z https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-turn-off-2-way-SSL-authentication-for-smartsense/m-p/125244#M26807 <P>Hi ,</P><P>I have the a similar issue but appears when we reboot the server. </P><P></P><P>07 Dec 2016 06:11:25 ERROR [MainThread] security.py:82 - Two-way SSL authentication failed. [Errno 0] _ssl.c:330: error:00000000:lib(0):func(0):reason(0)</P><P>The first thing that I do was find the keys in the HST Agent</P><P></P><P>/var/lib/smartsense/hst-agent/keys</P><P>The keys was empty. So I followed the next steps</P><P>1) In Ambari , restart all smartsense</P><P>2) In Ambari --- smartsense -- Restart HST Agent.</P><P>and now , the keys in the HST Agent are genereted.</P><P>Regards. </P> Thu, 08 Dec 2016 01:03:21 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-turn-off-2-way-SSL-authentication-for-smartsense/m-p/125244#M26807 luis_picazo 2016-12-08T01:03:21Z https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-turn-off-2-way-SSL-authentication-for-smartsense/m-p/125245#M26808 <P>For SmartSense versions 1.3.0 and above, we can use below CLI to regenerate the SSL keys on agents</P><P># hst reset-agent</P> Fri, 02 Jun 2017 10:16:40 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/How-to-turn-off-2-way-SSL-authentication-for-smartsense/m-p/125245#M26808 sappusamy 2017-06-02T10:16:40Z