Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to create SAM service pool for secured Ambari server

Solved Go to solution

How to create SAM service pool for secured Ambari server

Expert Contributor

Try to create a service pool in SAM from a secured cluster with secured Ambari server. Ambari HTTPS is done using self generated certificates. The webUI could be access with following url

https://[AMBARI_HOST]:8443/#/main/dashboard/metrics

When putting the following url in creating service pool WebUI in SAM

https://[AMBARI_HOST]:8443/api/v1/clusters/[AMBARI_CLUSTER_NAME]

javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 

Is there a truststore location for SAM or should I just import the cert to Java truststore?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: How to create SAM service pool for secured Ambari server

Expert Contributor

I am able to make it work by adding Ambari cert to SAM node's Java truststore at

JAVA_HOME/jre/lib/security/cacerts

Since the document did not mentioned it, I wonder if this is the standard practice or there is a truststore for SAM itself.

3 REPLIES 3

Re: How to create SAM service pool for secured Ambari server

Super Guru
@Qi Wang

Have you setup a truststore and then trust SAM as an application that can connect to Ambari? I have not set this up but not setting up a truststore and "trusting" SAM can be a reason for your error. Check troubleshooting in the following link:

https://community.hortonworks.com/articles/39865/enabling-https-for-ambariserver-and-troubleshootin....

Re: How to create SAM service pool for secured Ambari server

Expert Contributor

I did created a truststore for queue manager view. But I believe although the truststore is located on Ambari server, by importing Ambari HTTPS cert to the store it is actually used by Ambari views to connect to Ambari HTTPS server. It is not really for other client like SAM.

Re: How to create SAM service pool for secured Ambari server

Expert Contributor

I am able to make it work by adding Ambari cert to SAM node's Java truststore at

JAVA_HOME/jre/lib/security/cacerts

Since the document did not mentioned it, I wonder if this is the standard practice or there is a truststore for SAM itself.