Reply
Contributor
Posts: 49
Registered: ‎07-05-2018

Cloudera Agent throws TLS errors

Hello Team,

 

We have enabled TLS CA signed certificate on Cluster. CM UI is up and running but Cloudera Agent throws below error in its log.

 

[05/Feb/2019 10:25:09 +0000] 932998 MainThread agent ERROR Heartbeating to a301-8883-2675.gdzd.ubs.net:7182 failed.
Traceback (most recent call last):
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.15.1-py2.7.egg/cmf/agent.py", line 1432, in _send_heartbeat
self.max_cert_depth)
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.15.1-py2.7.egg/cmf/https.py", line 138, in __init__
self.conn.connect()
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/httpslib.py", line 59, in connect
sock.connect((self.host, self.port))
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 195, in connect
ret = self.connect_ssl()
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 188, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: unexpected eof

 

 

Cloudera Agent config file set for below

 

use_tls=1

verify_cert_dir=/app/bds/security/CAcerts

client_cert_file=/app/bds/security/x509/cmserver.pem

client_key_file=/app/bds/security/x509/cmserver.pem

client_keypw_file=/etc/cloudera-scm-agent/agentkey.pw

 

I set 777 permission on all TLS certificates but still Cloudera Manager Agents hearbeat fails and give above error.

 

Kindly suggest?

Explorer
Posts: 15
Registered: ‎01-31-2019

Re: Cloudera Agent throws TLS errors

Check the PEM files to make sure each one ends with a newline, especially if you had to append multiple certs to each other.

Also, at least in my installation, the client_key_file and the client_cert_file are two different things: the key is the private key by itself, while the cert is the host certificate and intermediate certs (i.e. everything except the root cert).
Contributor
Posts: 49
Registered: ‎07-05-2018

Re: Cloudera Agent throws TLS errors

@David_Schwab

 

1. As suggested by you verified pem file, each certificate staritng with new line like below.

 

-----BEGIN CERTIFICATE-----

 

and ends with 

 

-----END CERTIFICATE-----

 

2. Updated agent config.ini for client_key_file and client_cert_file with different pem files. Below snap.

 

client_key_file=/app/bds/security/x509/cmserver.pem

 

client_cert_file=/app/bds/security/CAcerts/cacerts.pem

 

 

 

3. Cloudera server log throws below error

 

2019-02-11 08:06:58,311 WARN 879548808@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2019-02-11 08:06:58,633 INFO ScmActive-0:com.cloudera.server.cmf.components.ScmActive: ScmActive completed successfully.
2019-02-11 08:07:00,287 INFO SearchRepositoryManager-0:com.cloudera.server.web.cmf.search.components.SearchRepositoryManager: Num entities:5556
2019-02-11 08:07:00,287 INFO SearchRepositoryManager-0:com.cloudera.server.web.cmf.search.components.SearchRepositoryManager: Generating documents:2019-02-11T07:07:00.287Z
2019-02-11 08:07:00,375 INFO SearchRepositoryManager-0:com.cloudera.server.web.cmf.search.components.SearchRepositoryManager: Num docs:5254
2019-02-11 08:07:00,376 INFO SearchRepositoryManager-0:com.cloudera.server.web.cmf.search.components.SearchRepositoryManager: Constructing repo:2019-02-11T07:07:00.376Z
2019-02-11 08:07:00,779 INFO SearchRepositoryManager-0:com.cloudera.server.web.cmf.search.components.SearchRepositoryManager: Finished constructing repo:2019-02-11T07:07:00.779Z
2019-02-11 08:07:02,725 WARN 879548808@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2019-02-11 08:07:13,328 WARN 879548808@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2019-02-11 08:07:17,736 WARN 879548808@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2019-02-11 08:07:28,327 WARN 879548808@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2019-02-11 08:07:32,754 WARN 879548808@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

 

 

4. Cloudera agent log throws below error

 

[11/Feb/2019 08:06:14 +0000] 1344935 MainThread agent ERROR Heartbeating to a301-8883-2675.gdzd.ubs.net:7182 failed.
Traceback (most recent call last):
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.15.1-py2.7.egg/cmf/agent.py", line 1432, in _send_heartbeat
self.max_cert_depth)
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.15.1-py2.7.egg/cmf/https.py", line 138, in __init__
self.conn.connect()
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/httpslib.py", line 59, in connect
sock.connect((self.host, self.port))
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 195, in connect
ret = self.connect_ssl()
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 188, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: unexpected eof

Traceback (most recent call last):
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.15.1-py2.7.egg/cmf/https.py", line 99, in make_ssl_context
lambda * arg, **kw: key_password)
File "/usr/lib64/cmf/agent/build/env/lib/python2.7

 

 

 

Kindly suggest how can i troubleshoot and fix the issue?

Contributor
Posts: 49
Registered: ‎07-05-2018

Re: Cloudera Agent throws TLS errors

@bgooley

 

Hi,

 

I need your help to troubleshoot TLS/SSl communication issue with cloudera scm agent and server.

 

 

1. As suggested by david verified pem file, each certificate staritng with new line like below.

 

-----BEGIN CERTIFICATE-----

 

and ends with 

 

-----END CERTIFICATE-----

 

2. Updated agent config.ini for client_key_file and client_cert_file with different pem files. Below snap.

 

client_key_file=/app/bds/security/x509/cmserver.pem

 

client_cert_file=/app/bds/security/CAcerts/cacerts.pem

 

 

 

3. Cloudera server log throws below error

 

2019-02-11 08:06:58,311 WARN 879548808@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2019-02-11 08:06:58,633 INFO ScmActive-0:com.cloudera.server.cmf.components.ScmActive: ScmActive completed successfully.
2019-02-11 08:07:00,287 INFO SearchRepositoryManager-0:com.cloudera.server.web.cmf.search.components.SearchRepositoryManager: Num entities:5556
2019-02-11 08:07:00,287 INFO SearchRepositoryManager-0:com.cloudera.server.web.cmf.search.components.SearchRepositoryManager: Generating documents:2019-02-11T07:07:00.287Z
2019-02-11 08:07:00,375 INFO SearchRepositoryManager-0:com.cloudera.server.web.cmf.search.components.SearchRepositoryManager: Num docs:5254
2019-02-11 08:07:00,376 INFO SearchRepositoryManager-0:com.cloudera.server.web.cmf.search.components.SearchRepositoryManager: Constructing repo:2019-02-11T07:07:00.376Z
2019-02-11 08:07:00,779 INFO SearchRepositoryManager-0:com.cloudera.server.web.cmf.search.components.SearchRepositoryManager: Finished constructing repo:2019-02-11T07:07:00.779Z
2019-02-11 08:07:02,725 WARN 879548808@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2019-02-11 08:07:13,328 WARN 879548808@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2019-02-11 08:07:17,736 WARN 879548808@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2019-02-11 08:07:28,327 WARN 879548808@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
2019-02-11 08:07:32,754 WARN 879548808@agentServer-0:org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

 

 

4. Cloudera agent log throws below error

 

[11/Feb/2019 08:06:14 +0000] 1344935 MainThread agent ERROR Heartbeating to a301-8883-2675.gdzd.ubs.net:7182 failed.
Traceback (most recent call last):
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.15.1-py2.7.egg/cmf/agent.py", line 1432, in _send_heartbeat
self.max_cert_depth)
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.15.1-py2.7.egg/cmf/https.py", line 138, in __init__
self.conn.connect()
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/httpslib.py", line 59, in connect
sock.connect((self.host, self.port))
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 195, in connect
ret = self.connect_ssl()
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 188, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: unexpected eof

Traceback (most recent call last):
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.15.1-py2.7.egg/cmf/https.py", line 99, in make_ssl_context
lambda * arg, **kw: key_password)
File "/usr/lib64/cmf/agent/build/env/lib/python2.7

 

 

 

Kindly suggest how can i troubleshoot and fix the issue?

Highlighted
Contributor
Posts: 49
Registered: ‎07-05-2018

Re: Cloudera Agent throws TLS errors

@bgooley

 

We are using TLSv1.1 vertificates earlier and all was working, Recently in our organization TLS V1.1 disabled and certificates regerated using TLS v1.2.

 

All Certificates have proper ownership and permissions.

 

Kindly suggest?

 

- Vijay M

Posts: 1,033
Topics: 1
Kudos: 257
Solutions: 128
Registered: ‎04-22-2014

Re: Cloudera Agent throws TLS errors

@VijayM,

 

If the file names are any indication, you do not have your agent certificate configured properly so that's likely causing the current issue you are seeing:

 

client_cert_file=/app/bds/security/CAcerts/cacerts.pem

 

As an example, let's take my agent's configuration:

 

verify_cert_file=/opt/cloudera/security/cacerts/cacert.pem
client_key_file=/opt/cloudera/security/x509/host.key
client_keypw_file=/opt/cloudera/security/agent_key_pw
client_cert_file=/opt/cloudera/security/x509/host.pem

 

In order for the agent to determine trust for the signer of Cloudera Manager's certificate, the following can be used to refer to a file containing the CA's certificate:

 

verify_cert_file

 

In order for the agent to present its public certificate to Cloudera Manager so that CM can make sure it trust the agent's CA signer (or certificate), the agent must be configured with the following:

 

client_key_file

client_keypw_file

client_cert_file

 

The client_key_file is the path to the file containing the private key

The client_cert_file is the path to the certificate (public key paired with the private key)

The client_keypw_file is a path to a file that contains only the password needed to access the private key.

 

You may want to clarify what your origanization did since TLS is a protocol and not something you can really upgrade in a certificate.  I am guessing they may have generated new certificates that support SHA-256 (rather than SHA1).  Either way, that part should not impact the configuration mentioned above.

 

Hope that helps.  Feel free to ask any further questions.

Contributor
Posts: 49
Registered: ‎07-05-2018

Re: Cloudera Agent throws TLS errors

@bgooley

 

Yes, we have disabled SHA1 and enabled SHA2 with higher encryption.

 

Did couple of changes but cloudera agents still unable to communicate with Clouders server, hearbeat failing with below error.

 

Error:

 

[12/Feb/2019 12:20:08 +0000] 1614468 MainThread agent ERROR Heartbeating to a301-8883-2675.gdzd.ubs.net:7182 failed.
Traceback (most recent call last):
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.15.1-py2.7.egg/cmf/agent.py", line 1432, in _send_heartbeat
self.max_cert_depth)
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.15.1-py2.7.egg/cmf/https.py", line 138, in __init__
self.conn.connect()
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/httpslib.py", line 59, in connect
sock.connect((self.host, self.port))
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 195, in connect
ret = self.connect_ssl()
File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 188, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: unexpected eof

 

 

 

 

below find configuration of TLS in config.ini

 

[root@host1 CAcerts]# egrep '(cert|key|tls)' /etc/cloudera-scm-agent/config.ini |grep -v "^#"
use_tls=1
max_cert_depth=9
verify_cert_file=/app/bds/security/CAcerts/cacerts.pem
verify_cert_dir=/app/bds/security/CAcerts
client_key_file=/app/bds/security/x509/cmserver.pem
client_keypw_file=/etc/cloudera-scm-agent/agentkey.pw
client_cert_file=/app/bds/security/x509/cmserver.pem

 

 

Below find Certificate details of cmserver.pem and cacerts.pem

 

[root@host1 x509]# openssl x509 -in cmserver.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1f:00:00:08:74:83:75:0c:5e:37:77:2b:d9:00:00:00:00:08:74
Signature Algorithm: sha512WithRSAEncryption
Issuer: C=CH, O=UBS, OU=CA, OU=CH 027, CN=UBS Server CA Test 3
Validity
Not Before: Feb 11 09:04:45 2019 GMT
Not After : Feb 10 09:04:45 2021 GMT
Subject: C=CH, O=UBS, OU=CA, OU=Server, CN=host1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d2:ee:c0:0e:ae:54:67:9a:b5:9b:76:53:7f:f3:
e2:c1:7d:ea:2f:8e:9c:9e:b5:64:9c:c7:a2:41:82:
31:5a:f2:5b:dd:38:07:9c:4a:2e:60:cb:6d:2c:8a:
b0:9d:1d:55:33:d7:b3:f3:b0:45:16:84:4b:ca:0e:
58:57:fc:47:17:ef:bf:09:95:d1:2d:d2:06:a7:ca:
b2:45:b4:67:83:69:91:d2:da:8c:25:34:7d:56:cc:
69:22:b6:ff:61:04:54:b2:bd:0b:23:ca:78:b7:7c:
64:8f:d5:d6:32:3a:f9:b1:a5:55:67:7d:ac:9a:15:
f6:4b:14:f1:28:4c:65:82:8b:d0:1d:08:60:40:4b:
9f:31:21:16:eb:52:7e:27:65:77:5d:60:be:77:2b:
0a:59:cc:bb:dc:68:33:82:c1:16:21:16:73:e5:3a:
4a:67:24:2c:59:2a:6a:f0:ef:47:46:f7:85:05:61:
eb:66:9a:8a:30:5a:26:ca:95:e0:f4:fc:57:2d:9b:
e2:e7:1f:8a:b3:3d:0b:ea:f2:f3:fb:6e:f5:f2:f2:
d3:28:1e:96:be:ad:87:12:64:6a:59:b9:ac:5f:4e:
44:6e:c3:7b:72:78:ad:0d:5c:3f:93:f3:3c:1f:4f:
1b:1e:6d:68:05:17:5d:59:9c:df:e6:be:61:8c:8c:
ed:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:95:94:60:67:09:D9:DE:05:68:1D:9C:87:78:7C:28:A6:E8:85:FB
X509v3 Authority Key Identifier:
keyid:AC:1D:94:48:57:60:32:B6:8C:D7:B4:C2:FC:59:BF:3E:D3:D4:36:47

X509v3 CRL Distribution Points:

Full Name:
URI:http://abc/crl/UBS_Server_CA_Test_3.crl

Authority Information Access:
CA Issuers - URI:http://abc/aia/UBS_Server_CA_Test_3.crt
OCSP - URI:http://xyz:53417/

X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Certificate Policies:
Policy: 2.16.756.5.4.2.1.2.13.1.25
CPS: http://certinfo.ubs.com/cps

2.16.756.5.4.2.1.2.13.2.2:
..1888326
X509v3 Subject Alternative Name:
DNS:a301-8883-2675.gdzd.ubs.net
Signature Algorithm: sha512WithRSAEncryption
74:39:e7:22:be:89:ae:77:17:4f:e0:bf:90:5f:87:41:1f:94:
ad:8a:45:6c:11:ed:7b:3d:1b:84:a1:00:c6:2e:6c:7a:ac:2d:
05:50:b4:ac:8d:dc:8d:ef:88:3f:68:e3:94:a4:b7:9c:09:ff:


 

 

 

[root@host1 CAcerts]# openssl x509 -in cacerts.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
17:a8:d3:16:25:12:a6:8c:4e:db:bc:c7:67:3f:45:75
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=CH, O=UBS, OU=CA, OU=CH 005, CN=Server CA Test 1
Validity
Not Before: Feb 13 14:55:43 2004 GMT
Not After : Feb 13 15:04:57 2024 GMT
Subject: C=CH, O=UBS, OU=CA, OU=CH 005, CN=Server CA Test 1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a2:c2:6e:85:7a:15:0d:91:5a:d7:88:d9:45:66:
42:b9:33:ea:ee:11:b3:c7:5b:ec:45:45:80:94:98:
6f:b9:e2:e6:bd:48:52:2b:43:77:47:8c:9d:8f:8d:
4e:09:94:ce:e6:23:04:eb:be:8c:e5:42:a6:56:6f:
02:1e:86:96:ca:da:5a:06:98:71:4b:a2:f7:a6:e4:
01:1c:8c:24:ac:52:52:13:3d:18:17:54:81:15:74:
8f:37:55:c8:b2:50:54:cb:e9:f5:c6:c3:c1:e7:cd:
f1:9d:63:7e:f8:6a:fc:a7:60:af:e2:7d:d0:21:f0:
2d:72:29:4c:a0:89:20:40:ed:3a:16:9e:17:89:fc:
0c:9c:f4:73:53:a9:54:8a:3e:69:6f:53:99:0b:84:
54:43:19:c6:6c:0f:1d:be:7b:19:7f:39:5d:a4:2f:
21:9f:1a:fe:74:c2:14:54:d2:09:94:69:23:3e:32:
2e:cb:f9:49:cb:9e:9e:ac:49:b5:19:49:24:b8:31:
39:e8:c1:91:28:17:02:c5:74:e7:19:11:e7:ae:1e:
c7:0d:64:1d:aa:ca:8b:2e:0b:13:c2:f7:14:f7:cf:
01:e3:a0:d5:5c:67:44:d9:58:29:18:8f:c9:68:2f:
91:cd:f2:18:fa:6b:5e:eb:43:02:3f:2d:09:c0:37:
70:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
B2:3D:2A:3B:32:34:69:BD:4A:EA:B4:96:C6:43:42:E4:15:87:FB:0E
X509v3 Certificate Policies:
Policy: 2.16.756.5.4.2.1.2.13.1.5
CPS: http://www.ubs.com/cps

Signature Algorithm: sha1WithRSAEncryption
58:42:b4:e0:dd:fc:94:9e:5c:f2:79:a9:d6:f3:7f:b3:d1:6f:
c5:3d:1e:ae:46:1a:2c:18:e8:f4:04:e1:5f:6d:e9:0b:3e:6d:

 

Kindly check/suggest?

 

 

- Vijay M

Contributor
Posts: 49
Registered: ‎07-05-2018

Re: Cloudera Agent throws TLS errors

@bgooley

 

Kindly check and suggest  on my last reply.

 

Apart from it clouderac documentation also says below as mentioned in below mentioned link:

If the certificate does not have both TLS Web Server Authentication and TLS Web Client Authentication listed in the X509v3 Extended Key Usage section, re-submit the CSR to the CA, and request that they generate a certificate that can be used for both server and client authentication.

 

https://www.cloudera.com/documentation/enterprise/latest/topics/how_to_configure_cm_tls.html

 

my server certificate pem file does not x509 extended attributes for TLS web server and client authentication enabled. Below snap of it.

 

X509v3 extensions:
X509v3 Subject Key Identifier:
17:2B:34:6A:F6:49:3F:D4:97:09:45:52:F7:75:B9:30:67:9C:60:7B
X509v3 Authority Key Identifier:
keyid:AC:1D:94:48:57:60:32:B6:8C:D7:B4:C2:FC:59:BF:3E:D3:D4:36:47

X509v3 CRL Distribution Points:

Full Name:
URI:http://certinfo-http.ubs.com/crl/UBS_Server_CA_Test_3.crl

Authority Information Access:
CA Issuers - URI:http://certinfo-http.ubs.com/aia/UBS_Server_CA_Test_3.crt
OCSP - URI:http://certinfo-ocsp.ubs.com:53417/

X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Certificate Policies:
Policy: 2.16.756.5.4.2.1.2.13.1.25
CPS: http://certinfo.ubs.com/cps

2.16.756.5.4.2.1.2.13.2.2:
..1888326
X509v3 Subject Alternative Name:
DNS:a301-8883-2675.gdzd.ubs.net

 

 

 

Kindly confirm for TLS enable Cloudera server and agent communication above web ui authentication require in TLS certificates ?

 

- Vijay M

Contributor
Posts: 49
Registered: ‎07-05-2018

Re: Cloudera Agent throws TLS errors

@bgooley

 

One more thing to inform you in order to troubleshoot the issue.

 

TLS certificates which reordered with SHA-2 have TLS encryption of 512 level. Below snap for it. Checkek in pem and keystore, truststore file.

 

Signature Algorithm: sha512WithRSAEncryption

 

Also cluster is Kerberos enabled.

 

Kindly suggest?

 

- Vijay M

Announcements