I'm setting up a 4 node HDP 2.5 cluster with a requirement to encrypt all data in transit. I've been following the documentation from here: https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/ch_hdp-security-guide-w...
I am using a certificate signed by my company's Issuing CA. The following is in my server.keystore.jks (sensitive bits masked)
<server's FQDN>, Feb 10, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): B6:DA:29:57:27:10:D3:97:8D:CD:49:6C:87:82:9F:64:DD:XX:XX:XX
<company> issuing ca, Feb 10, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): F7:20:77:9E:08:4F:20:2E:E6:8C:78:5D:EA:39:91:6F:D7:XX:XX:XX
<company> root ca, Feb 10, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): 8D:4A:EA:A6:43:71:83:FE:44:FA:E5:04:D7:E3:5B:3A:45:XX:XX:XX
After configuring the system to use the keys and restarting the HDFS service in Ambari, I can get the DataNode to start up. When the NameNode starts up, the service comes up but then it does a check using curl. The following error shows up in the error log:
resource_management.core.exceptions.Fail: Execution of 'curl -sS -L -w '%{http_code}' -X GET -k 'https://<server's FQDN>:50470/webhdfs/v1/tmp?op=GETFILESTATUS&user.name=hdfs' 1>/tmp/tmpiWgx4l 2>/tmp/tmpHLEISr' returned 35.
curl: (35) NSS: client certificate not found (nickname not specified)
000I get the same result if I try to run the same command on the command line. In addition, if I try to access the same URL from Chrome, I'm getting ERR_BAD_SSL_CLIENT_AUTH_CERT back. I don't have a lot of experience setting up SSL/TLS and am pretty much stuck at this point. Any help would be greatly appreciated.
Thanks,
Mike
