Options
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Error when trying to connect to Cloudera Cluster from a Linux Machine - [unixODBC][Cloudera][ThriftExtension] (14) Unexpected response from server during a HTTP connection: SSL_connect: certificate verify failed.
Labels:
- Labels:
-
Apache Impala
New Contributor
Created on ‎02-13-2025 11:00 AM - edited ‎02-13-2025 11:09 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello everyone.
I'm trying to connect to an Cloudera culster - using Impala.
My certificate is valid (i can OpenSSL it to the host)
(this is an excerpt of the openssl command output)
CONNECTED(00000003)
depth=1 C = BR, ST = **, L = CITY_NAME, O = ****** ***, OU = IT, CN = Hadoop CA Authority
verify return:1
depth=0 C = BR, ST = **, L = CITY_NAME, O = ****** ***, OU = IT, CN = impala.******.***.br
verify return:1
---
Certificate chain
0 s:/C=BR/ST=**/L=CITY_NAME/O=****** ***/OU=IT/CN=impala.******.***.br
i:/C=BR/ST=**/L=CITY_NAME/O=****** ***/OU=IT/CN=Hadoop CA Authority
---
My DSN is also correct (i think):
[ImpalaDSN]
Driver=Cloudera Impala ODBC Driver
Host=host.xzv.jkj
Port=21050
AuthMech=3
UID=theuser
PWD=thepassw
Database=data
LogLevel=3
LogPath=/tmp/odbc_trace.log
UseSASL=1
SSL=1
SSL_VERIFY_SERVER=0
SSLTrustStore=/etc/pki/CA/certs/RootCA.pem
AllowSelfSignedServerCert=1
AllowInvalidCACert=1
ThriftTransport=2
SSL_VERIFY_CLIENT=0
Also, i can connect to this host using Windows ODBC.
I've checked the driver dependencies and they're installed as well. Driver location is okay also (otherwise it would throw an different error message).
This is the output of: isql -v ImpalaDSN
Feb 13 16:49:29.042 TRACE 2638747456 Simba::ImpalaODBC::ImpalaTCLIServiceRetryClient::RecreateUnderlyingClientIfNeeded: +++++ enter +++++
Feb 13 16:49:29.042 DEBUG 2638747456 Simba::ImpalaODBC::ImpalaTCLIServiceRetryClient::RecreateUnderlyingClientIfNeeded: Recreating the underlying client.
Feb 13 16:49:29.042 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::BrowserAuthenticationIfNeeded: +++++ enter +++++
Feb 13 16:49:29.042 TRACE 2638747456 Simba::ImpalaODBC::ImpalaTCLIServiceRetryClient::CreateUnderlyingClient: +++++ enter +++++
Feb 13 16:49:29.042 TRACE 2638747456 Simba::ImpalaODBC::ImpalaClient::CreateTProtocol: +++++ enter +++++
Feb 13 16:49:29.043 TRACE 2638747456 Simba::ImpalaODBC::ImpalaClient::CreateTCLIServiceClient: +++++ enter +++++
Feb 13 16:49:29.043 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::TETCLIServiceWebBasedAuthClient: +++++ enter +++++
Feb 13 16:49:29.043 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::OpenSession: +++++ enter +++++
Feb 13 16:49:29.043 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::PrepareApiCalls: +++++ enter +++++
Feb 13 16:49:29.043 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::CheckAndResetBackendConnection: +++++ enter +++++
Feb 13 16:49:29.043 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::BrowserAuthenticationIfNeeded: +++++ enter +++++
Feb 13 16:49:29.045 DEBUG 2638747456 DriverSupport::DSSSLUtils::SslDefaultVerifyCertCallback: The X509_STORE_CTX_get_error of SSL verification is: 20
Feb 13 16:49:29.045 DEBUG 2638747456 DriverSupport::DSSSLUtils::SslVerifyCertCallback: Error depth: 0
Feb 13 16:49:29.048 DEBUG 2638747456 DriverSupport::DSSSLUtils::SslDefaultVerifyCertCallback: The X509_STORE_CTX_get_error of SSL verification is: 20
Feb 13 16:49:29.048 DEBUG 2638747456 DriverSupport::DSSSLUtils::SslVerifyCertCallback: Error depth: 0
Feb 13 16:49:29.048 TRACE 2638747456 Simba::ImpalaODBC::ImpalaTCLIServiceRetryClient::ShouldRetry: +++++ enter +++++
Feb 13 16:49:29.048 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::ShouldRetry: +++++ enter +++++
Feb 13 16:49:29.048 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::ConvertStatusCode: +++++ enter +++++
Feb 13 16:49:29.049 DEBUG 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::ConvertStatusCode: Unable to convert the HTTP status code string into a uint16 value. Error detail: [Cloudera][Support] (50090) Conversion from string to number failed with value ''
Feb 13 16:49:29.049 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::WaitAndResetTransportForHttpRetry: +++++ enter +++++
Feb 13 16:49:32.051 DEBUG 2638747456 Simba::ImpalaODBC::ImpalaTCLIServiceRetryClient::ShouldRetry: The API call OpenSession had failed. Attempting to retry the API call. Error detail: SSL_connect: certificate verify failed
Feb 13 16:49:32.051 TRACE 2638747456 Simba::ImpalaODBC::ImpalaTCLIServiceRetryClient::RecreateUnderlyingClientIfNeeded: +++++ enter +++++
Feb 13 16:49:32.051 DEBUG 2638747456 Simba::ImpalaODBC::ImpalaTCLIServiceRetryClient::RecreateUnderlyingClientIfNeeded: Recreating the underlying client.
Feb 13 16:49:32.051 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::BrowserAuthenticationIfNeeded: +++++ enter +++++
Feb 13 16:49:32.051 TRACE 2638747456 Simba::ImpalaODBC::ImpalaTCLIServiceRetryClient::CreateUnderlyingClient: +++++ enter +++++
Feb 13 16:49:32.051 TRACE 2638747456 Simba::ImpalaODBC::ImpalaClient::CreateTProtocol: +++++ enter +++++
Feb 13 16:49:32.053 TRACE 2638747456 Simba::ImpalaODBC::ImpalaClient::CreateTCLIServiceClient: +++++ enter +++++
Feb 13 16:49:32.053 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::TETCLIServiceWebBasedAuthClient: +++++ enter +++++
Feb 13 16:49:32.053 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::OpenSession: +++++ enter +++++
Feb 13 16:49:32.053 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::PrepareApiCalls: +++++ enter +++++
Feb 13 16:49:32.053 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::CheckAndResetBackendConnection: +++++ enter +++++
Feb 13 16:49:32.053 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::BrowserAuthenticationIfNeeded: +++++ enter +++++
Feb 13 16:49:32.055 DEBUG 2638747456 DriverSupport::DSSSLUtils::SslDefaultVerifyCertCallback: The X509_STORE_CTX_get_error of SSL verification is: 20
Feb 13 16:49:32.055 DEBUG 2638747456 DriverSupport::DSSSLUtils::SslVerifyCertCallback: Error depth: 0
Feb 13 16:49:32.058 DEBUG 2638747456 DriverSupport::DSSSLUtils::SslDefaultVerifyCertCallback: The X509_STORE_CTX_get_error of SSL verification is: 20
Feb 13 16:49:32.058 DEBUG 2638747456 DriverSupport::DSSSLUtils::SslVerifyCertCallback: Error depth: 0
Feb 13 16:49:32.058 TRACE 2638747456 Simba::ImpalaODBC::ImpalaTCLIServiceRetryClient::ShouldRetry: +++++ enter +++++
Feb 13 16:49:32.058 TRACE 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::ShouldRetry: +++++ enter +++++
Feb 13 16:49:32.058 DEBUG 2638747456 Simba::ThriftExtension::TETCLIServiceWebBasedAuthClient::ShouldRetry: The number of attempts to retry the API call OpenSession have exceeded the max retry limit 3.
Feb 13 16:49:32.058 TRACE 2638747456 Simba::ThriftExtension::TEHttpApiRetryEmulationTestSettings::~TEHttpApiRetryEmulationTestSettings: +++++ enter +++++
Feb 13 16:49:32.058 TRACE 2638747456 Simba::ImpalaODBC::ImpalaTCLIServiceClientFactory::~ImpalaTCLIServiceClientFactory: +++++ enter +++++
Feb 13 16:49:32.059 TRACE 2638747456 Simba::ImpalaODBC::ImpalaConnection::SetProperty: +++++ enter +++++
Feb 13 16:49:32.059 ERROR 2638747456 Simba::ODBC::Connection::SQLConnectW: [Cloudera][ThriftExtension] (14) Unexpected response from server during a HTTP connection: SSL_connect: certificate verify failed.
Feb 13 16:49:32.059 TRACE 2638747456 Simba::ThriftExtension::TEHttpApiRetryEmulationTestSettings::~TEHttpApiRetryEmulationTestSettings: +++++ enter +++++
[S1000][unixODBC][Cloudera][ThriftExtension] (14) Unexpected response from server during a HTTP connection: SSL_connect: certificate verify failed.
[ISQL]ERROR: Could not SQLConnect
[root@desenv Downloads]#
(I've stripped a part of it, leaving the important information(i suppose) only)
What can i do to diagnose this issue?
Thanks!
1 REPLY 1
Master Collaborator
Created ‎02-18-2025 10:36 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @pablobhz
Thank you for reaching out to the community
How are you connecting?
Are you providing any trust store while connecting if yes then is the Root certificate added in the truststore
