Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How to create SAM service pool for secured Ambari server

avatar
Master Collaborator

Try to create a service pool in SAM from a secured cluster with secured Ambari server. Ambari HTTPS is done using self generated certificates. The webUI could be access with following url

https://[AMBARI_HOST]:8443/#/main/dashboard/metrics

When putting the following url in creating service pool WebUI in SAM

https://[AMBARI_HOST]:8443/api/v1/clusters/[AMBARI_CLUSTER_NAME]

javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

Is there a truststore location for SAM or should I just import the cert to Java truststore?

1 ACCEPTED SOLUTION

avatar
Master Collaborator

I am able to make it work by adding Ambari cert to SAM node's Java truststore at

JAVA_HOME/jre/lib/security/cacerts

Since the document did not mentioned it, I wonder if this is the standard practice or there is a truststore for SAM itself.

View solution in original post

3 REPLIES 3

avatar
Super Guru
@Qi Wang

Have you setup a truststore and then trust SAM as an application that can connect to Ambari? I have not set this up but not setting up a truststore and "trusting" SAM can be a reason for your error. Check troubleshooting in the following link:

https://community.hortonworks.com/articles/39865/enabling-https-for-ambariserver-and-troubleshootin....

avatar
Master Collaborator

I did created a truststore for queue manager view. But I believe although the truststore is located on Ambari server, by importing Ambari HTTPS cert to the store it is actually used by Ambari views to connect to Ambari HTTPS server. It is not really for other client like SAM.

avatar
Master Collaborator

I am able to make it work by adding Ambari cert to SAM node's Java truststore at

JAVA_HOME/jre/lib/security/cacerts

Since the document did not mentioned it, I wonder if this is the standard practice or there is a truststore for SAM itself.