Support Questions

Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

How to create SAM service pool for secured Ambari server

Expert Contributor

Try to create a service pool in SAM from a secured cluster with secured Ambari server. Ambari HTTPS is done using self generated certificates. The webUI could be access with following url

https://[AMBARI_HOST]:8443/#/main/dashboard/metrics

When putting the following url in creating service pool WebUI in SAM

https://[AMBARI_HOST]:8443/api/v1/clusters/[AMBARI_CLUSTER_NAME]

javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

Is there a truststore location for SAM or should I just import the cert to Java truststore?

1 ACCEPTED SOLUTION

Expert Contributor

I am able to make it work by adding Ambari cert to SAM node's Java truststore at

JAVA_HOME/jre/lib/security/cacerts

Since the document did not mentioned it, I wonder if this is the standard practice or there is a truststore for SAM itself.

View solution in original post

3 REPLIES 3

Super Guru
@Qi Wang

Have you setup a truststore and then trust SAM as an application that can connect to Ambari? I have not set this up but not setting up a truststore and "trusting" SAM can be a reason for your error. Check troubleshooting in the following link:

https://community.hortonworks.com/articles/39865/enabling-https-for-ambariserver-and-troubleshootin....

Expert Contributor

I did created a truststore for queue manager view. But I believe although the truststore is located on Ambari server, by importing Ambari HTTPS cert to the store it is actually used by Ambari views to connect to Ambari HTTPS server. It is not really for other client like SAM.

Expert Contributor

I am able to make it work by adding Ambari cert to SAM node's Java truststore at

JAVA_HOME/jre/lib/security/cacerts

Since the document did not mentioned it, I wonder if this is the standard practice or there is a truststore for SAM itself.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.