https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143127#M40139 <P>@mkataria</P><P>Is it self signed cert? did you try adding the host into trusted sites in the browser?</P><P>You can cross check the cert creation process with below article,</P><P><A href="https://community.hortonworks.com/articles/50405/how-to-enable-https-for-apache-ambari-using-jks.html" target="_blank">https://community.hortonworks.com/articles/50405/how-to-enable-https-for-apache-ambari-using-jks.html</A></P> Fri, 09 Sep 2016 01:26:29 GMT apappu 2016-09-09T01:26:29Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143126#M40138 <P>While securing Ambari Sever for Https, we can successfully login to https and default port 8443, however the https is stoked out and says <STRONG>This page is insecure (broken HTTPS).</STRONG></P><P>We are using wildcard certs initially in .cer format however have to convert it to .pem format using openssl.</P><P>What is the preferred format and encryption for the Certs.</P><P>The current error says</P><P>1) SHA-1 Certificate The certificate for this site expires in 2017 or later, and the certificate chain contains a certificate signed using SHA-1.</P><P>2) Certificate Error There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).</P><P>Thanks</P><P>Mayank</P> Fri, 09 Sep 2016 01:08:55 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143126#M40138 mkataria 2016-09-09T01:08:55Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143127#M40139 <P>@mkataria</P><P>Is it self signed cert? did you try adding the host into trusted sites in the browser?</P><P>You can cross check the cert creation process with below article,</P><P><A href="https://community.hortonworks.com/articles/50405/how-to-enable-https-for-apache-ambari-using-jks.html" target="_blank">https://community.hortonworks.com/articles/50405/how-to-enable-https-for-apache-ambari-using-jks.html</A></P> Fri, 09 Sep 2016 01:26:29 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143127#M40139 apappu 2016-09-09T01:26:29Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143128#M40140 <P>We are using a single wildcard cert provided by enterprise CA.</P><P>Thanks Mayank</P> Fri, 09 Sep 2016 01:29:12 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143128#M40140 mkataria 2016-09-09T01:29:12Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143129#M40141 <P>Works for IE, however still broken for Chrome.</P><P>Any advices/help is appreciated.</P> Fri, 23 Sep 2016 22:21:10 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143129#M40141 mkataria 2016-09-23T22:21:10Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143130#M40142 <P>Figured it out, I generated a new cert and used <STRONG>Signature Algorithm as sha256RSA</STRONG> (s<STRONG>ignature hash algorithm as sha256)</STRONG> however the ones I had earlier were SHA1RSA and SHA1 respectively. </P><P>Seems like ShA1 is week but IE doesn't seem to care, Chrome was not happy about it.</P><P>If it's a internal ONLY cluster and you are using a local CA authority (internal or self sign) you can still live with Sha1.</P><P>You will still achieve Secure TLS connection and Secure Resources however with a warning <STRONG>This page is insecure (broken HTTPS).</STRONG></P><P>Hope this helps and thanks community to think.</P><P>Regards Mayank</P> Thu, 29 Sep 2016 21:09:44 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143130#M40142 mkataria 2016-09-29T21:09:44Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143131#M40143 <P><A rel="user" href="https://community.cloudera.com/users/395/mkataria.html" nodeid="395">@mkataria</A> Did you get solution ,can you share steps performed with wild card cert.</P> Sat, 13 Oct 2018 18:37:14 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Ambari-Https-Broken-HTTPS/m-p/143131#M40143 rajat_dua09 2018-10-13T18:37:14Z