Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not valid

SOLVED Go to solution

Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not valid

Hi All,

 

I need help here, I was at step 7 of "Level 3: Configuring the Cluster to Authenticate Agent Certificates"image.png

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

But when I run this command to create PKCS12 version of JKS, it return this error

 

[root@msimaster1 pki]# keytool -importkeystore -srckeystore /opt/cloudera/security/pki/$(hostname -f)-agent.jks \
> -srcstorepass P@ssw0rd -srckeypass P@ssw0rd \
> -destkeystore /opt/cloudera/security/pki/$(hostname -f)-agent.p12 \
> -deststoretype PKCS12 -srcalias $(hostname -f)-agent -deststorepass \
> P@ssw0rd -destkeypass P@ssw0rd
Problem importing entry for alias msimaster1-agent: java.security.KeyStoreException: Key protection  algorithm not found: java.security.KeyStoreException: Certificate chain is not valid.
Entry for alias msimaster1-agent not imported.

I'm quite new with this certificate matter, already googled this one but still can't solve this issue

 

Can anyone help to identify what this error mean and how to solve it please

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not v

Hi I solve this issue by just retry the step again, and it works. I think i made some mistake in generate and signing certificate, thanks for your help Tomas

4 REPLIES 4

Re: Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not v

Master Collaborator
Have you installed Unlimited cryptography for JAVA?
(JCE) Maybe there is a problem, that the algortihm is too strong.

Re: Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not v

I already install JCE for JAVA and already put local_policy.jar and US_export_policy.jar in $JAVA_HOME/jre/lib/security.

 

Do I have to change that file owner or permission?

Re: Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not v

Master Collaborator
No. Then I dont know. Can you paste here all the commands how you generated
the keystore and keys?

Re: Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not v

Hi I solve this issue by just retry the step again, and it works. I think i made some mistake in generate and signing certificate, thanks for your help Tomas