08-13-2017 12:32 PM
Below is my scenario.
1] We already have trusted public CA certificate.
2] We have a new cluster where we want to implement the kerberos and as a pre-requisite enabling the TLS encryption.
3] Since, cluster is new created the cacerts using command as per below on CM host under /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/.
keytool -keystore cacerts -importcert -alias aliasname -file /certificatepath/cert_wildcard_full.pem
4] Used the steps mentioned in below link;
From above link Followed - step,step
From above link Not Followed - Since, already have the trusted public CA certificate hence not followed the step,step,step [Please correct me, if I am wrong]
And then followed step i.e. Import the Certificate into the Keystore
5] After doing this followed below link steps.
6] I have also copied the $JAVA_HOME/jre/lib/security/jssecacerts to all nodes on the cluster and created the cacert on all nodes of the cluster using same command given above in #3.
However, when I starts the cloudera server I am getting below error consistently;
WARN 1671856335@scm-web-4:org.mortbay.log: javax.net.ssl.SSLHandshakeException: no cipher suites in common
Can anybody please help me on this, I have tried various things but not able to fix it and due to this CM is not working.
If I am missing anything in above steps or doing anything wrong in above steps can you please confirm what would be the right steps to enable the TLS for trusted public CA.
Thank you very much in advance.
Really looking out for any assistance on the same.