Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to create SAM service pool for secured Ambari server

avatar
author-rank qiwang
Master Collaborator

Created on ‎08-17-2017 07:47 PM - edited ‎09-16-2022 05:06 AM

Try to create a service pool in SAM from a secured cluster with secured Ambari server. Ambari HTTPS is done using self generated certificates. The webUI could be access with following url

https://[AMBARI_HOST]:8443/#/main/dashboard/metrics

When putting the following url in creating service pool WebUI in SAM

https://[AMBARI_HOST]:8443/api/v1/clusters/[AMBARI_CLUSTER_NAME]

javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Is there a truststore location for SAM or should I just import the cert to Java truststore?

2,147 Views
1 ACCEPTED SOLUTION

avatar
author-rank qiwang
Master Collaborator

Created ‎08-18-2017 02:09 PM

I am able to make it work by adding Ambari cert to SAM node's Java truststore at

JAVA_HOME/jre/lib/security/cacerts

Since the document did not mentioned it, I wonder if this is the standard practice or there is a truststore for SAM itself.

View solution in original post

2,005 Views
3 REPLIES 3

avatar
author-rank mqureshi
Super Guru

Created ‎08-17-2017 10:01 PM

@Qi Wang

Have you setup a truststore and then trust SAM as an application that can connect to Ambari? I have not set this up but not setting up a truststore and "trusting" SAM can be a reason for your error. Check troubleshooting in the following link:

https://community.hortonworks.com/articles/39865/enabling-https-for-ambariserver-and-troubleshootin....

2,005 Views
0 Kudos

avatar
author-rank qiwang
Master Collaborator

Created ‎08-18-2017 02:26 PM

I did created a truststore for queue manager view. But I believe although the truststore is located on Ambari server, by importing Ambari HTTPS cert to the store it is actually used by Ambari views to connect to Ambari HTTPS server. It is not really for other client like SAM.

2,005 Views

avatar
author-rank qiwang
Master Collaborator

Created ‎08-18-2017 02:09 PM

I am able to make it work by adding Ambari cert to SAM node's Java truststore at

JAVA_HOME/jre/lib/security/cacerts

Since the document did not mentioned it, I wonder if this is the standard practice or there is a truststore for SAM itself.

2,006 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements