Posts: 25
Registered: ‎07-11-2016
Accepted Solution

Issue after Level 2 of TLS security implementation

Hi All,


I had implemented the Level 1 TLS encryption, which is working.


But when I implemented the Level 2 TLS encryption as per the steps given in the link below,


I started getting the error below.


1. In cloudera-scm-agent log


[17/Aug/2017 07:24:50 +0000] 31094 MainThread agent ERROR Heartbeating to failed.
Traceback (most recent call last):
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.9.1-py2.6.egg/cmf/", line 1346, in _send_heartbeat
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.9.1-py2.6.egg/cmf/", line 132, in __init__
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/", line 50, in connect
self.sock.connect((, self.port))
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/", line 185, in connect
ret = self.connect_ssl()
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/", line 178, in connect_ssl
return m2.ssl_connect(self.ssl)
SSLError: certificate verify failed



2. In Cloudera-scm-Server Log


2017-08-17 07:51:04,118 WARN 118674289@agentServer-169:org.mortbay.log: Received fatal alert: unknown_ca


I have tried by using verify_cert_file as well as by using verify_cert_dir.

Can anybody please help me with this, in case I am missing something or anything else needs to be done to fix this issue?


I would be really thankful for any help on the same.


Thank you,



Re: Issue after Level 2 of TLS security implementation

I was able to resolve this issue by setting verify_cert_dir in /etc/cloudera-scm-agent/config.ini.


I was missing the root certificate file, which I downloaded from the CA authority and added to the verify_cert_dir.


Also, I executed the command below to verify the same.


openssl verify -verbose -CAfile <(cat cert_intermediate_ca.pem thawte_root_ca.pem) hostname.pem


It gave me message:  hostname.pem: OK
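
Added example, not part of the original posts and not Cloudera's code: a self-contained reproduction of the failure and the fix using a constructed throwaway chain. It assumes verify_cert_dir is read as an OpenSSL CApath-style directory (certificates linked under `<subject-hash>.0`); `root_ca.pem`, `certdir` and the helper function names are hypothetical.

```shell
#!/bin/sh
# Constructed throwaway chain (root -> intermediate -> host); none of these are real certificates.
set -e
work=$(mktemp -d) && cd "$work"
printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext

new_csr() {  # $1 = file prefix, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}

make_chain() {  # writes root_ca.pem, cert_intermediate_ca.pem and hostname.pem
  new_csr root "Demo Root CA"
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext -days 2 \
    -out root_ca.pem 2>/dev/null
  new_csr int "Demo Intermediate CA"
  openssl x509 -req -in int.csr -CA root_ca.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 2 -out cert_intermediate_ca.pem 2>/dev/null
  new_csr host "agent.example.test"
  openssl x509 -req -in host.csr -CA cert_intermediate_ca.pem -CAkey int.key -CAcreateserial \
    -days 2 -out hostname.pem 2>/dev/null
}

verify_with_file() {  # $@ = CA certs to bundle, same check as the command in the post
  cat "$@" > bundle.pem
  openssl verify -CAfile bundle.pem hostname.pem 2>&1 | grep -q ': OK$'
}

add_to_dir() {  # $1 = trust directory, $2 = PEM cert; link it as <subject-hash>.0
  cp "$2" "$1/"
  ln -sf "$2" "$1/$(openssl x509 -hash -noout -in "$2").0"
}

verify_with_dir() {  # $1 = trust directory laid out as a CApath
  openssl verify -CApath "$1" hostname.pem 2>&1 | grep -q ': OK$'
}

make_chain
mkdir certdir
add_to_dir certdir cert_intermediate_ca.pem
# Only the intermediate is trusted: the chain cannot be completed up to a root.
verify_with_dir certdir && before=OK || before=FAIL
add_to_dir certdir root_ca.pem
# Root added: the full chain host -> intermediate -> root now validates.
verify_with_dir certdir && after=OK || after=FAIL
echo "without root: $before, with root: $after"
```
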