Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How to turn off 2 way SSL authentication for smartsense agent?

avatar
Super Collaborator

I am trying to restart my hst-agent, but it repeatedly fails with below error message:

ERROR 2016-05-02 03:08:20,978 security.py:78 - Two-way SSL authentication failed. Ensure that server and agent certificates were signed by the same CA and restart the agent. 

In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in agent configuration(hst-agent.ini)

Exiting.. 

ERROR 2016-05-02 03:08:20,979 security.py:86 - [Errno 8] _ssl.c:492: EOF occurred in violation of protocol

I even tried deleting all the hst-agent keys bit still to no avail.

I am trying to setup the smartsense on my HDP 2.4 VM

1 ACCEPTED SOLUTION

avatar
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
4 REPLIES 4

avatar
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login

avatar
Super Collaborator

Also, you can enable the md5 algorithm from your java security by changing the security setting from the file

JAVA_HOME/lib/security/java.security

and deleting the md5 algorithm from the line

jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024


jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048

This worked for me - but when you do this, please be mindful of the security settings that you are impacting your machine.

avatar
Explorer

Hi ,

I have the a similar issue but appears when we reboot the server.

07 Dec 2016 06:11:25 ERROR [MainThread] security.py:82 - Two-way SSL authentication failed. [Errno 0] _ssl.c:330: error:00000000:lib(0):func(0):reason(0)

The first thing that I do was find the keys in the HST Agent

/var/lib/smartsense/hst-agent/keys

The keys was empty. So I followed the next steps

1) In Ambari , restart all smartsense

2) In Ambari --- smartsense -- Restart HST Agent.

and now , the keys in the HST Agent are genereted.

Regards.

avatar
Contributor

For SmartSense versions 1.3.0 and above, we can use below CLI to regenerate the SSL keys on agents

# hst reset-agent