Created 05-02-2016 03:23 AM
I am trying to restart my hst-agent, but it repeatedly fails with below error message:
ERROR 2016-05-02 03:08:20,978 security.py:78 - Two-way SSL authentication failed. Ensure that server and agent certificates were signed by the same CA and restart the agent. In order to receive a new agent certificate, remove existing certificate file from keys directory. As a workaround you can turn off two-way SSL authentication in agent configuration(hst-agent.ini) Exiting.. ERROR 2016-05-02 03:08:20,979 security.py:86 - [Errno 8] _ssl.c:492: EOF occurred in violation of protocol
I even tried deleting all the hst-agent keys bit still to no avail.
I am trying to setup the smartsense on my HDP 2.4 VM
Created 05-02-2016 06:25 PM
This error occurs because the md5 digest became deprecated in favor of sha256 in recent versions of Java. It is fixed in the next SmartSense HST release. The workaround is somewhat complicated, so we recommend you open a support case for assistance. If you wish to attempt it yourself, here is the process...
WORKAROUND: Change the default digest to “sha256” instead of “md5” and then regenerate all certificates. Follow these steps:
NOTE: Turning off two-way SSL is NOT recommended (the error message has been improved in newer versions of HST), and the issue occurs on hosts with following JDK versions or newer:
JDK Family | Versions |
Oracle | 1.8.0_71 |
Oracle | 1.7.0_95 |
Oracle | 1.6.0_111 |
OpenJDK | 1.7.0_45 |
OpenJDK | 1.8.0_40 |
Created 05-02-2016 06:25 PM
This error occurs because the md5 digest became deprecated in favor of sha256 in recent versions of Java. It is fixed in the next SmartSense HST release. The workaround is somewhat complicated, so we recommend you open a support case for assistance. If you wish to attempt it yourself, here is the process...
WORKAROUND: Change the default digest to “sha256” instead of “md5” and then regenerate all certificates. Follow these steps:
NOTE: Turning off two-way SSL is NOT recommended (the error message has been improved in newer versions of HST), and the issue occurs on hosts with following JDK versions or newer:
JDK Family | Versions |
Oracle | 1.8.0_71 |
Oracle | 1.7.0_95 |
Oracle | 1.6.0_111 |
OpenJDK | 1.7.0_45 |
OpenJDK | 1.8.0_40 |
Created 05-03-2016 02:20 AM
Also, you can enable the md5 algorithm from your java security by changing the security setting from the file
JAVA_HOME/lib/security/java.security
and deleting the md5 algorithm from the line
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
This worked for me - but when you do this, please be mindful of the security settings that you are impacting your machine.
Created 12-07-2016 05:03 PM
Hi ,
I have the a similar issue but appears when we reboot the server.
07 Dec 2016 06:11:25 ERROR [MainThread] security.py:82 - Two-way SSL authentication failed. [Errno 0] _ssl.c:330: error:00000000:lib(0):func(0):reason(0)
The first thing that I do was find the keys in the HST Agent
/var/lib/smartsense/hst-agent/keys
The keys was empty. So I followed the next steps
1) In Ambari , restart all smartsense
2) In Ambari --- smartsense -- Restart HST Agent.
and now , the keys in the HST Agent are genereted.
Regards.
Created 06-02-2017 03:16 AM
For SmartSense versions 1.3.0 and above, we can use below CLI to regenerate the SSL keys on agents
# hst reset-agent