Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

After Operating System Security Patching, get SSL exception

khanil
Explorer

Created ‎09-28-2017 01:30 AM

Hi Team,

We applied OS level security only updates to nodes running our Hadoop Cluster. After security update were applied, started getting nio:720 - javax.net.ssl.SSLException:

I can't perform Cluster Operations through Ambari. All services are Yellow and start all/stop all greyed out.

Any solution? Appreciate any help/support in advance. I suspect one of the packages openssl, python or jdk got updated but not sure which package.

Regards

Anil Khiani

1,035 Views
0 Kudos
4 REPLIES 4

bkosaraju
Super Collaborator

Created ‎09-28-2017 04:16 AM

Hi @Anil Khiani,

Looks you are using the "TLS 1.0" version certificates and the update of the "OpenSSL/JDK Module" module in the server stoped supporting the same.

before you sort out your certificate issue, for time being you can use the Non-SSL communication method between Ambari-server and Ambari-Agents by setting(disabling two way ssl) security.server.two_way_ssl=false in /etc/ambari-server/conf/ambari.properties

Hope this helps!!

910 Views
0 Kudos

khanil
Explorer

Created ‎09-28-2017 05:10 AM

Thanks @bkosaraju. Tried with no luck. Checked ambari-server logs and get

28 Sep 2017 01:05:27,940WARN [qtp-ambari-agent-57] nio:720 - javax.net.ssl.SSLException: Received fatal alert: unknown_ca

910 Views
0 Kudos

jsensharma
Super Mentor

Created ‎09-28-2017 05:15 AM

@Anil Khiani

Can you please try this:

Edit the /etc/python/cert-verification.cfg and change the verify=disable and then restart ambari agents.

.

It might be related to some OS level patching you might have done which affects Python Security as well. If you are using RHEL then please refer to: https://access.redhat.com/errata/RHSA-2017:1868 to verify if you applied the mentioned fix.

.

You also might want to refer to a thread to match your complete error trace https://community.hortonworks.com/questions/120861/ambari-agent-ssl-certificate-verify-failed-certif...

910 Views

khanil
Explorer

Created ‎09-28-2017 05:47 AM

Thanks @Jay SenSharma. Indeed, Edit the /etc/python/cert-verification.cfg and change the verify=disable and then restart ambari agents helped. I got production server. Is it recommended approach to disable cert-verification.

910 Views
0 Kudos
Don't have an account?
Register
Announcements
Product Announcements
CDP Public Cloud Release Summary: April 2022
What's New @ Cloudera
Unifying Analytics in Cloudera Data Warehouse
What's New @ Cloudera
Cloudera Logging is now available in CDP Private Cloud Base 7.1.7 SP1
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector 2.6.27 for Impala Released
Product Announcements
[ANNOUNCE] Cloudera JDBC Driver 2.6.19 for Apache Hive Released
View More Announcements