https://community.cloudera.com/t5/Archives-of-Support-Questions/ssl-error-during-oozie-calling/m-p/45144#M40452 solved<BR /><A href="http://community.cloudera.com/t5/Batch-Processing-and-Workflow/oozie-cli-doesn-t-work-after-enabling-tls-option/m-p/45140" target="_blank">http://community.cloudera.com/t5/Batch-Processing-and-Workflow/oozie-cli-doesn-t-work-after-enabling-tls-option/m-p/45140</A> Thu, 15 Sep 2016 16:14:10 GMT andrzej_jedrzej 2016-09-15T16:14:10Z https://community.cloudera.com/t5/Archives-of-Support-Questions/ssl-error-during-oozie-calling/m-p/45060#M40451 <P>Hi Guys,</P><P>&nbsp;</P><P>I have a&nbsp;problem with oozie on my cloudera cluster. I enabled TLS encryption for admin console and Agents. I specified Keystore and Truststore File location and passwords in configuration tab for oozie.</P><P>&nbsp;</P><P>When i try to curl oozie:</P><P class="p1"><SPAN class="s1">oozie admin -oozie <A href="https://ukgs2hdm02.cwglobal.local:11443/oozie" target="_blank"><SPAN class="s2">https://ukgs2hdm02.cwglobal.local:11443/oozie</SPAN></A> -status</SPAN></P><P class="p1">&nbsp;</P><PRE>Error: IO_ERROR : java.io.IOException: Error while connecting Oozie server. No of retries = 1. Exception = sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target</PRE><P class="p1"><SPAN class="s1">I was thinking about importing host certificate to default java keystore but find this:</SPAN></P><P class="p1">&nbsp;</P><PRE>/opt/jdk1.7.0_79/jre/lib/security/cacerts /opt/cloudera/parcels/CDH-5.5.4-1.cdh5.5.4.p0.9/lib/hue/build/env/lib/python2.6/site-packages/boto-2.38.0-py2.6.egg/boto/cacerts /usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre/lib/security/cacerts /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101.x86_64/jre/lib/security/cacerts /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.39.x86_64/jre/lib/security/cacerts /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts /usr/java/jdk1.6.0_31/jre/lib/security/cacerts /etc/pki/ca-trust/extracted/java/cacerts /etc/pki/java/cacerts</PRE><P class="p1"><SPAN class="s1">and I don't know which one should I use?</SPAN></P><P class="p1">&nbsp;</P><P class="p1"><SPAN class="s1">Here are my files related to cert:</SPAN></P><PRE>-rw-r-----. 1 root tls 1996 May 31 13:08 cdh_host.key -rw-r-----. 1 root tls 2159 May 31 13:08 cdh_host.keystore -r--r-----. 1 oozie tls 2159 Sep 13 09:45 cdh_host.oozie.keystore -rw-r-----. 1 root tls 1123 May 31 13:08 cdh_host.pem -r-xr--r--. 1 cloudera-scm tls 8754 Sep 7 13:39 truststore.jks -rw-r-----. 1 root tls 11961 Sep 7 13:39 truststore.pem -rw-r-----. 1 root tls 789 May 31 13:08 ukgs2hdm02.cwglobal.local.cer</PRE><P class="p1"><SPAN class="s1">oozie&nbsp;keystore&nbsp;is the same as the host keystore.</SPAN></P><P class="p1">&nbsp;</P><P class="p1"><SPAN class="s1">Any ideas?</SPAN></P><P class="p1">&nbsp;</P><P class="p1"><SPAN class="s1">&nbsp;</SPAN></P><P>&nbsp;</P> Tue, 21 Apr 2026 13:49:06 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/ssl-error-during-oozie-calling/m-p/45060#M40451 andrzej_jedrzej 2026-04-21T13:49:06Z https://community.cloudera.com/t5/Archives-of-Support-Questions/ssl-error-during-oozie-calling/m-p/45144#M40452 solved<BR /><A href="http://community.cloudera.com/t5/Batch-Processing-and-Workflow/oozie-cli-doesn-t-work-after-enabling-tls-option/m-p/45140" target="_blank">http://community.cloudera.com/t5/Batch-Processing-and-Workflow/oozie-cli-doesn-t-work-after-enabling-tls-option/m-p/45140</A> Thu, 15 Sep 2016 16:14:10 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/ssl-error-during-oozie-calling/m-p/45144#M40452 andrzej_jedrzej 2016-09-15T16:14:10Z