Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Cloudera Manager - javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

Labels:
avatar
author-rank yagoaparecidoti
Expert Contributor

Created ‎02-28-2022 11:57 AM

We are trying to create self-signed certificates

when applying the settings in the cloudera manager, it returns the error below in the log "/var/log/cloudera-scm-server/cloudera-scm-server.log":

 

2022-02-28 15:55:29,205 WARN 81046291@scm-web-48:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
2022-02-28 15:55:29,205 WARN 1719302079@scm-web-42:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
2022-02-28 15:55:29,205 WARN 1655534592@scm-web-47:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
2022-02-28 15:55:29,234 WARN 1719302079@scm-web-42:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
2022-02-28 15:55:29,419 WARN 1719302079@scm-web-42:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
2022-02-28 15:55:30,167 WARN 1719302079@scm-web-42:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
2022-02-28 15:55:33,937 WARN 81046291@scm-web-48:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
2022-02-28 15:55:33,937 WARN 1687785507@scm-web-45:org.mortbay.log: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

 

with the server.jks file a server.cer file is exported

 

with this file server.cer is imported to jssecacerts

 

certificate creation is performed on all hosts at the same time

 

in the end all hosts have the same jssecacerts file

1,884 Views
0 Kudos
8 REPLIES 8

avatar
author-rank araujo author-rank
Super Guru

Created ‎02-28-2022 03:50 PM

@yagoaparecidoti ,

 

Could explain which steps you took to generate your server.jks file?

 

André

 

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.
1,867 Views
0 Kudos

avatar
author-rank yagoaparecidoti
Expert Contributor

Created ‎02-28-2022 04:00 PM

hi @araujo 

 

we create server.jsk this way:

 

/usr/lib/jvm/jre/bin/keytool -genkeypair -keystore /opt/cloudera/security/pki_2022_v2/$(hostname -f).jks -keyalg RSA -alias $(hostname -f) -dname "CN=$(hostname -f),OU=Pereira,L=Sao Paulo,ST=Sao Paulo,C=BR" -ext san=dns:$(hostname -f) -ext EKU=serverAuth,clientAuth -validity 730 -storepass 'password22@' -keypass 'password22@'

 

so we create the server.cer like this:

 

/usr/lib/jvm/jre/bin/keytool -export -alias $(hostname -f) -keystore /opt/cloudera/security/pki_2022_v2/$(hostname -f).jks -rfc -file /opt/cloudera/security/pki_2022_v2/$(hostname -f).cer

 

so we import all server.cer from all hosts to jssecacerts file like this:

 

/usr/lib/jvm/jre/bin/keytool -import -file /opt/cloudera/security/pki_2022_v2/server.cer -alias $i -keystore /opt/cloudera/security/pki_2022_v2/jssecacerts -storepass 'password22@'

1,864 Views
0 Kudos

avatar
author-rank araujo author-rank
Super Guru

Created ‎02-28-2022 04:21 PM

@yagoaparecidoti 

 

Are you able to access Cloudera Manager from your browser?

 

André

 

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.
1,860 Views
0 Kudos

avatar
author-rank yagoaparecidoti
Expert Contributor

Created ‎03-02-2022 07:33 AM

Hi @araujo 

 

yes, normally

1,833 Views
0 Kudos

avatar
author-rank araujo author-rank
Super Guru

Created ‎03-02-2022 05:21 PM

@yagoaparecidoti ,

 

Is there a correlation between the times when these messages appear in the log and your browser activity?

If all Cloudera Manager tabs in the browser are closed does the error continue to happen?

 

Cheers,

André

 

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.
1,823 Views
0 Kudos

avatar
author-rank yagoaparecidoti
Expert Contributor

Created ‎03-02-2022 05:30 PM

Hi @araujo 

after logging into Cloudera Manager, the error already appears.

1,821 Views
0 Kudos

avatar
author-rank araujo author-rank
Super Guru

Created ‎03-02-2022 06:21 PM

@yagoaparecidoti ,

 

Can you try importing your cluster certificate into your browser and see if the error stops? Make sure the certificate is marked as trusted so that the padlock in the browser is green or doesn't show any alerts.

 

Another thing you can try is to add the following user extensions to your keytool command when creating the self-signed certificate.

-ext KU=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment

 

Please keep me posted.

 

Cheers,

André

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.
1,812 Views
0 Kudos

avatar
author-rank VidyaSargur author-rank
Community Manager

Created ‎03-06-2022 09:29 PM

@yagoaparecidoti, Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. 


Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
1,760 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements