
Configure Cloudera Director to Access Cloudera Manager via TLS/SSL


I manually enabled TLS/SSL on Cloudera Manager and Agents, and I am trying to configure Cloudera Director to use this HTTPS to access the Cloudera Manager API. I am trying to update the template via curl POST to the API with the

 

{
"name": "impala-cloudera-manager",
"tlsEnabled": true,
"port": 7183,
"trustedCertificate": "-----BEGIN CERTIFICATE-----\nMM...+OkuE6N36B9K\n
-----END CERTIFICATE-----\n" 

}, 

"managerVirtualInstance": {
"id": "d901df10-07a8-4a26-85bf-413b6b72fa5e",
"template": {
"name": "cloudera-manager",
"type": "m3.xlarge",

}

 

 and it doesn't seem to work. I am using the correct cert and root CA. 

 

Here is the error in the Cloudera Director logs:

-----------------------------

Caused by: javax.ws.rs.ProcessingException: java.io.IOException: IOException invoking https://10.xxx.xxx.xxx:7183/api/version: HTTPS hostname wrong: should be <10.xxx.xxx.xxx>
at org.apache.cxf.jaxrs.client.AbstractClient.checkClientException(AbstractClient.java:596)
at org.apache.cxf.jaxrs.client.AbstractClient.preProcessResult(AbstractClient.java:578)
at org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:748)
at org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:231)
at com.cloudera.api.$Proxy228.getCurrentVersion(Unknown Source)
... 125 common frames omitted

--------------------------------

 

Why is it trying to validate against the IP address? If I put the IP in the browser, of course I would be presented with an SSL certificate error.


Re: Configure Cloudera Director to Access Cloudera Manager via TLS/SSL


Hi,

Cloudera Director uses the IP address of the Cloudera Manager server to communicate with it. This means you need the IP address of the server in the TLS certificate for this to work. You can find more information on this in the Cloudera documentation:

 

https://www.cloudera.com/documentation/director/latest/topics/director_tls_enable.html#concept_dcl_2...

 

If you can add the private IP address for the Cloudera Manager as a Subject Alternative Name (SAN) in the certificate, then this should work around the issue.

 

Regards,

Jim
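
One way to check the fix described in the reply before pointing Director at port 7183, as an added example that is not part of the original thread: it issues two throwaway self-signed certificates, one with only a DNS SAN and one with the IP added, and tests each against the address Director connects to. The hostname `cm.example.internal` and address `10.0.0.12` are constructed placeholders, and the self-signed certificates stand in for one issued by your own CA; `-addext` needs OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Placeholder values (constructed):
CM_HOST="cm.example.internal"   # assumed Cloudera Manager hostname
CM_IP="10.0.0.12"               # assumed Cloudera Manager private IP

# make_cert <outdir> <san-list>
# Writes a throwaway self-signed cert for CM_HOST carrying the given SANs.
make_cert() {
  local dir="$1" san="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=${CM_HOST}" \
    -addext "subjectAltName=${san}" \
    -keyout "${dir}/key.pem" -out "${dir}/cert.pem" 2>/dev/null
}

# cert_covers_ip <cert.pem> <ip>
# Succeeds only when the certificate has an iPAddress SAN equal to <ip>.
# A matching CN or DNS SAN does not count for a client that connects by IP.
# openssl prints "does match" or "does NOT match", so test the text rather
# than relying on the exit status.
cert_covers_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match certificate"
}

demo() {
  local tmp c
  tmp="$(mktemp -d)"
  mkdir "${tmp}/dns_only" "${tmp}/dns_and_ip"
  make_cert "${tmp}/dns_only"   "DNS:${CM_HOST}"
  make_cert "${tmp}/dns_and_ip" "DNS:${CM_HOST},IP:${CM_IP}"
  for c in dns_only dns_and_ip; do
    if cert_covers_ip "${tmp}/${c}/cert.pem" "${CM_IP}"; then
      echo "${c}: valid for https://${CM_IP}:7183"
    else
      echo "${c}: NOT valid for https://${CM_IP}:7183 (hostname check fails)"
    fi
    # Show the SAN entries the client will evaluate.
    openssl x509 -in "${tmp}/${c}/cert.pem" -noout -text | grep -A1 "Subject Alternative Name"
  done
  rm -rf "${tmp}"
}
demo
```

Run `cert_covers_ip` against the certificate actually installed on Cloudera Manager, with the private IP Director uses, to see whether it will pass the hostname check.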