- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Ambari Https (Broken HTTPS)
- Labels:
-
Apache Ambari
Created 09-08-2016 06:08 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
While securing Ambari Sever for Https, we can successfully login to https and default port 8443, however the https is stoked out and says This page is insecure (broken HTTPS).
We are using wildcard certs initially in .cer format however have to convert it to .pem format using openssl.
What is the preferred format and encryption for the Certs.
The current error says
1) SHA-1 Certificate The certificate for this site expires in 2017 or later, and the certificate chain contains a certificate signed using SHA-1.
2) Certificate Error There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).
Thanks
Mayank
Created 09-29-2016 02:09 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Figured it out, I generated a new cert and used Signature Algorithm as sha256RSA (signature hash algorithm as sha256) however the ones I had earlier were SHA1RSA and SHA1 respectively.
Seems like ShA1 is week but IE doesn't seem to care, Chrome was not happy about it.
If it's a internal ONLY cluster and you are using a local CA authority (internal or self sign) you can still live with Sha1.
You will still achieve Secure TLS connection and Secure Resources however with a warning This page is insecure (broken HTTPS).
Hope this helps and thanks community to think.
Regards Mayank
Created 09-08-2016 06:26 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@mkataria
Is it self signed cert? did you try adding the host into trusted sites in the browser?
You can cross check the cert creation process with below article,
Created 09-08-2016 06:29 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are using a single wildcard cert provided by enterprise CA.
Thanks Mayank
Created 09-23-2016 03:21 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Works for IE, however still broken for Chrome.
Any advices/help is appreciated.
Created 09-29-2016 02:09 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Figured it out, I generated a new cert and used Signature Algorithm as sha256RSA (signature hash algorithm as sha256) however the ones I had earlier were SHA1RSA and SHA1 respectively.
Seems like ShA1 is week but IE doesn't seem to care, Chrome was not happy about it.
If it's a internal ONLY cluster and you are using a local CA authority (internal or self sign) you can still live with Sha1.
You will still achieve Secure TLS connection and Secure Resources however with a warning This page is insecure (broken HTTPS).
Hope this helps and thanks community to think.
Regards Mayank
Created 10-13-2018 11:37 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@mkataria Did you get solution ,can you share steps performed with wild card cert.