Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

HDFS rest encryption zone unable to find valid certification path

Solved Go to solution

HDFS rest encryption zone unable to find valid certification path

Contributor

Cluster having the rest encryption enabled, I am able to create keys using "#hdfs key create mykey1" but not able to create encryption zone on hdfs directories.

Please find below steps for reference

-bash-4.1$ hadoop key list

Listing keys for KeyProvider: KMSClientProvider[https://fqdn:port/kms/v1/]

mykey2

mykey1

I got below error when I am going to assign encryption zone to hdfs empty dir.

-sh-4.1$ hdfs crypto -createZone -keyName mykey1 -path /user/xxxx/zone1

RemoteException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

1 ACCEPTED SOLUTION

Accepted Solutions

Re: HDFS rest encryption zone unable to find valid certification path

Contributor

Resolved: Enabled Kerberos Authentication for HTTP Web-Consoles (HDFS) and regenerated missing kerberos credentials

After changes done, I got below output.

-bash-4.1$ hdfs crypto -createZone -keyName mykey1 -path /user/xxxx/zone1

Added encryption zone /user/xxxx/zone1

-bash-4.1$

3 REPLIES 3

Re: HDFS rest encryption zone unable to find valid certification path

Contributor

Resolved: Enabled Kerberos Authentication for HTTP Web-Consoles (HDFS) and regenerated missing kerberos credentials

After changes done, I got below output.

-bash-4.1$ hdfs crypto -createZone -keyName mykey1 -path /user/xxxx/zone1

Added encryption zone /user/xxxx/zone1

-bash-4.1$

Highlighted

Re: HDFS rest encryption zone unable to find valid certification path

I am facing a simillar issue, i am kind of new to the kms. it would really help if you can elaborate on the steps.

Re: HDFS rest encryption zone unable to find valid certification path

New Contributor

Encryption keys are the most important aspect of encryption. Encrypted messages because most of the information involved in etc to eur transactions is largely public.