Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not valid

Labels:
avatar
author-rank EduardBangga
Contributor

Created ‎12-06-2017 02:46 AM

Hi All,

 

I need help here, I was at step 7 of "Level 3: Configuring the Cluster to Authenticate Agent Certificates"image.png

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

But when I run this command to create PKCS12 version of JKS, it return this error

 

[root@msimaster1 pki]# keytool -importkeystore -srckeystore /opt/cloudera/security/pki/$(hostname -f)-agent.jks \
> -srcstorepass P@ssw0rd -srckeypass P@ssw0rd \
> -destkeystore /opt/cloudera/security/pki/$(hostname -f)-agent.p12 \
> -deststoretype PKCS12 -srcalias $(hostname -f)-agent -deststorepass \
> P@ssw0rd -destkeypass P@ssw0rd
Problem importing entry for alias msimaster1-agent: java.security.KeyStoreException: Key protection  algorithm not found: java.security.KeyStoreException: Certificate chain is not valid.
Entry for alias msimaster1-agent not imported.

I'm quite new with this certificate matter, already googled this one but still can't solve this issue

 

Can anyone help to identify what this error mean and how to solve it please

 

17,786 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank EduardBangga
Contributor

Created ‎01-09-2018 11:59 PM

Hi I solve this issue by just retry the step again, and it works. I think i made some mistake in generate and signing certificate, thanks for your help Tomas

View solution in original post

17,643 Views
0 Kudos
4 REPLIES 4

avatar
author-rank Tomas79
Guru

Created ‎12-06-2017 06:00 AM

Have you installed Unlimited cryptography for JAVA?
(JCE) Maybe there is a problem, that the algortihm is too strong.
17,778 Views
0 Kudos

avatar
author-rank EduardBangga
Contributor

Created ‎12-06-2017 06:09 PM

I already install JCE for JAVA and already put local_policy.jar and US_export_policy.jar in $JAVA_HOME/jre/lib/security.

 

Do I have to change that file owner or permission?

17,765 Views
0 Kudos

avatar
author-rank Tomas79
Guru

Created ‎12-06-2017 10:17 PM

No. Then I dont know. Can you paste here all the commands how you generated
the keystore and keys?
17,753 Views
0 Kudos

avatar
author-rank EduardBangga
Contributor

Created ‎01-09-2018 11:59 PM

Hi I solve this issue by just retry the step again, and it works. I think i made some mistake in generate and signing certificate, thanks for your help Tomas

17,644 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements