New LDAP configuration failing with "SSLHandshakeException: Received fatal alert: handshake_failure"

We need to update our LDAP configuration because our certificate is going to expire; we have a test ldaps server set up with the new certificate. From within CDH->Administration->Settings, I pointed the "LDAP URL" to the new server.

simple bind failed: ldapsdev.{obscured domain}:3269; nested exception is javax.naming.CommunicationException: simple bind failed: ldapsdev.{obscureddomain}:3269 [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]

Under the assumption that a cert needed to be added, I tried to figure out how, but could find zero documentation other than this:
https://community.cloudera.com/t5/Community-Articles/Steps-to-setup-Atlas-with-Ldaps-SSL/ta-p/247365

That relates to Atlas, which we don't use, but seemed right. I downloaded "ldapsdev-ca.crt" from the ldaps server:

echo -n | openssl s_client -connect ldapsdev.{obscureddomain}:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ldapsdev-ca.crt

And then imported it into /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts. When I do a keytool -list on that, I see it in there. I then restarted cloudera-scm-server, but I still get the same error.

Was that not the right cacerts file?  There are others in various subdirs under /etc/pki I could try to add to, but it'd be nice to know for sure which file Cloudera Server is trying to use.  Thanks!!!

0 REPLIES 0
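
How the error text itself separates a trust-store problem from a negotiation problem, as an added example that is not part of the original post. In JSSE, "Received fatal alert" means the alert was sent by the server, while a certificate missing from the client's cacerts fails locally with "PKIX path building failed". The function names and the second sample message are constructed for illustration.

```python
import re

# TLS alert names (RFC 5246) grouped by what the sending peer objects to.
NEGOTIATION_ALERTS = {"handshake_failure", "protocol_version", "insufficient_security"}
PEER_REJECTED_OUR_CERT = {"bad_certificate", "unknown_ca", "certificate_expired",
                          "certificate_unknown", "unsupported_certificate"}

# Error string as quoted in the post above.
PAGE_ERROR = ("simple bind failed: ldapsdev.{obscureddomain}:3269; nested exception is "
              "javax.naming.CommunicationException: simple bind failed: "
              "ldapsdev.{obscureddomain}:3269 [Root exception is "
              "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]")

# Constructed sample: what a missing trust anchor looks like on the client side.
PKIX_SAMPLE = ("simple bind failed: ldaps.example.test:636 [Root exception is "
               "javax.net.ssl.SSLHandshakeException: "
               "sun.security.validator.ValidatorException: PKIX path building failed: "
               "sun.security.provider.certpath.SunCertPathBuilderException: "
               "unable to find valid certification path to requested target]")

def root_cause(message):
    """Return the innermost exception text of a Spring/JNDI nested message."""
    # Spring writes "nested exception is <cause>", JNDI "[Root exception is <cause>]";
    # the text after the last marker is the innermost cause.
    parts = re.split(r"\[Root exception is |nested exception is ", message)
    return parts[-1].strip().rstrip("]").strip()

def classify(message):
    """Map a Java TLS failure message to (side, category, detail)."""
    cause = root_cause(message)
    alert = re.search(r"Received fatal alert: (\w+)", cause)
    if alert:
        name = alert.group(1)
        if name in NEGOTIATION_ALERTS:
            # Peer could not agree on protocol version / cipher suite with us.
            return ("peer", "negotiation", name)
        if name in PEER_REJECTED_OUR_CERT:
            # Peer rejected the certificate this client presented.
            return ("peer", "client-certificate", name)
        return ("peer", "other-alert", name)
    if "PKIX path building failed" in cause:
        # Local validation failed: the JVM's trust store lacks the issuing CA.
        return ("local", "truststore", "PKIX")
    return ("unknown", "unknown", cause)

if __name__ == "__main__":
    for sample in (PAGE_ERROR, PKIX_SAMPLE):
        print(classify(sample))
```

A "negotiation" result points at the protocol versions and cipher suites the JVM offers versus what the server accepts, not at which cacerts file was edited.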