https://community.cloudera.com/t5/Archives-of-Support-Questions/Issue-after-Level-2-of-TLS-security-implementation/m-p/58947#M66760 <P>Hi All,</P><P>&nbsp;</P><P>I had implemented the Level 1 TLS encryption and which is working.</P><P>&nbsp;</P><P>But, when I have implemented the Level 2 TLS encryption as per the steps given in below link</P><P><A href="https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cm_sg_config_tls_auth.html#topic_3" target="_blank">https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cm_sg_config_tls_auth.html#topic_3</A></P><P>&nbsp;</P><P>I have started getting below error.</P><P>&nbsp;</P><P>1. In cloudera-scm-agent log</P><P>&nbsp;</P><P>[17/Aug/2017 07:24:50 +0000] 31094 MainThread agent ERROR Heartbeating to c018-srv1.e8sec.com:7182 failed.<BR />Traceback (most recent call last):<BR />File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.9.1-py2.6.egg/cmf/agent.py", line 1346, in _send_heartbeat<BR />self.max_cert_depth)<BR />File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.9.1-py2.6.egg/cmf/https.py", line 132, in __init__<BR />self.conn.connect()<BR />File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/httpslib.py", line 50, in connect<BR />self.sock.connect((self.host, self.port))<BR />File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 185, in connect<BR />ret = self.connect_ssl()<BR />File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 178, in connect_ssl<BR />return m2.ssl_connect(self.ssl)<BR />SSLError: certificate verify failed</P><P>&nbsp;</P><P>&nbsp;</P><P>2. In Cloudera-scm-Server Log</P><P>&nbsp;</P><P>2017-08-17 07:51:04,118 WARN 118674289@agentServer-169:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: unknown_ca</P><P>&nbsp;</P><P>I have tried by using&nbsp;<SPAN>verify_cert_file&nbsp;as well as by using&nbsp;verify_cert_dir.</SPAN></P><P><SPAN>Can anybody please help me on the same, if I am missing something or anything else needed to be done to fix this issue.</SPAN></P><P>&nbsp;</P><P><SPAN>I would be really thankful for any help on the same.</SPAN></P><P>&nbsp;</P><P><SPAN>Thank you,</SPAN></P><P><SPAN>Amit</SPAN></P> Thu, 17 Aug 2017 08:21:31 GMT AmitAdhau 2017-08-17T08:21:31Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Issue-after-Level-2-of-TLS-security-implementation/m-p/58947#M66760 <P>Hi All,</P><P>&nbsp;</P><P>I had implemented the Level 1 TLS encryption and which is working.</P><P>&nbsp;</P><P>But, when I have implemented the Level 2 TLS encryption as per the steps given in below link</P><P><A href="https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cm_sg_config_tls_auth.html#topic_3" target="_blank">https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cm_sg_config_tls_auth.html#topic_3</A></P><P>&nbsp;</P><P>I have started getting below error.</P><P>&nbsp;</P><P>1. In cloudera-scm-agent log</P><P>&nbsp;</P><P>[17/Aug/2017 07:24:50 +0000] 31094 MainThread agent ERROR Heartbeating to c018-srv1.e8sec.com:7182 failed.<BR />Traceback (most recent call last):<BR />File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.9.1-py2.6.egg/cmf/agent.py", line 1346, in _send_heartbeat<BR />self.max_cert_depth)<BR />File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.9.1-py2.6.egg/cmf/https.py", line 132, in __init__<BR />self.conn.connect()<BR />File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/httpslib.py", line 50, in connect<BR />self.sock.connect((self.host, self.port))<BR />File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 185, in connect<BR />ret = self.connect_ssl()<BR />File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 178, in connect_ssl<BR />return m2.ssl_connect(self.ssl)<BR />SSLError: certificate verify failed</P><P>&nbsp;</P><P>&nbsp;</P><P>2. In Cloudera-scm-Server Log</P><P>&nbsp;</P><P>2017-08-17 07:51:04,118 WARN 118674289@agentServer-169:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: unknown_ca</P><P>&nbsp;</P><P>I have tried by using&nbsp;<SPAN>verify_cert_file&nbsp;as well as by using&nbsp;verify_cert_dir.</SPAN></P><P><SPAN>Can anybody please help me on the same, if I am missing something or anything else needed to be done to fix this issue.</SPAN></P><P>&nbsp;</P><P><SPAN>I would be really thankful for any help on the same.</SPAN></P><P>&nbsp;</P><P><SPAN>Thank you,</SPAN></P><P><SPAN>Amit</SPAN></P> Thu, 17 Aug 2017 08:21:31 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Issue-after-Level-2-of-TLS-security-implementation/m-p/58947#M66760 AmitAdhau 2017-08-17T08:21:31Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Issue-after-Level-2-of-TLS-security-implementation/m-p/59072#M66761 <P>I am able to resolve this issue by setting the&nbsp;verify_cert_dir in /etc/cloudera-scm-agent/config.ini</P><P>&nbsp;</P><P>I was missing the root certificate file, which I had download from CA authority and added to the verify_cert_dir.</P><P>&nbsp;</P><P>Also, I had executed below command to verify the same.</P><P>&nbsp;</P><P>openssl verify -verbose -CAfile &lt;(cat cert_intermediate_ca.pem thawte_root_ca.pem) hostname.pem</P><P>&nbsp;</P><P>It gave me message: &nbsp;hostname.pem: OK</P><P>&nbsp;</P><P>Thanks,</P><P>Amit</P> Mon, 21 Aug 2017 11:57:07 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Issue-after-Level-2-of-TLS-security-implementation/m-p/59072#M66761 AmitAdhau 2017-08-21T11:57:07Z