Support Questions

Find answers, ask questions, and share your expertise

HDFS rest encryption zone unable to find valid certification path

avatar
Rising Star

Cluster having the rest encryption enabled, I am able to create keys using "#hdfs key create mykey1" but not able to create encryption zone on hdfs directories.

Please find below steps for reference

-bash-4.1$ hadoop key list

Listing keys for KeyProvider: KMSClientProvider[https://fqdn:port/kms/v1/]

mykey2

mykey1

I got below error when I am going to assign encryption zone to hdfs empty dir.

-sh-4.1$ hdfs crypto -createZone -keyName mykey1 -path /user/xxxx/zone1

RemoteException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

1 ACCEPTED SOLUTION

avatar
Rising Star

Resolved: Enabled Kerberos Authentication for HTTP Web-Consoles (HDFS) and regenerated missing kerberos credentials

After changes done, I got below output.

-bash-4.1$ hdfs crypto -createZone -keyName mykey1 -path /user/xxxx/zone1

Added encryption zone /user/xxxx/zone1

-bash-4.1$

View solution in original post

3 REPLIES 3

avatar
Rising Star

Resolved: Enabled Kerberos Authentication for HTTP Web-Consoles (HDFS) and regenerated missing kerberos credentials

After changes done, I got below output.

-bash-4.1$ hdfs crypto -createZone -keyName mykey1 -path /user/xxxx/zone1

Added encryption zone /user/xxxx/zone1

-bash-4.1$

avatar
Contributor

I am facing a simillar issue, i am kind of new to the kms. it would really help if you can elaborate on the steps.

avatar
New Contributor

Encryption keys are the most important aspect of encryption. Encrypted messages because most of the information involved in etc to eur transactions is largely public.