
Ranger KMS crashes with Illegal Key Size exception in logs - OpenJDK

Re: Ranger KMS crashes with Illegal Key Size exception in logs - OpenJDK

Not sure if you ever got this working but today I ran into the same issue and worked with Hortonworks support and we resolved the issue. Here were my steps to resolve it:

-We saw the following error in /var/log/ranger/kms/catalina.out:

java.security.InvalidKeyException: Illegal key size
    at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)
    at javax.crypto.Cipher.implInit(Cipher.java:805)
    at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
    at javax.crypto.Cipher.init(Cipher.java:1396)
    at javax.crypto.Cipher.init(Cipher.java:1327)

-The root cause of the error is that Java is unable to support the current key size and we need to use 256-bit keys. So we had to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File on all hosts in the cluster. This is the prerequisite of the Ranger-KMS installation.

-We use openjdk1.8 on our nodes and if you use the OpenJDK package, the JCE file is already built into the package.

-But we ran into a bug with our OS (RHEL-7) in which OpenJDK doesn’t roll out the latest JCE.

-So we just downloaded the latest JCE for our java version from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

-We took a backup of old JCE files (US_export_policy.jar and local_policy.jar) and replaced them with the latest ones. The backups are now in /usr/java/jdk1.8.0_121/jre/lib/security/bkp and the new ones are in /usr/java/jdk1.8.0_121/jre/lib/security

-After that we started the Ranger-KMS services which started successfully. We also restarted all components on the cluster that needed a restart after installing Ranger and Ranger-KMS. All came up successfully.

-Ranger-KMS is now working properly.

Hope this helps you or anyone else that has this issue!!
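A check that can be run on each host before and after swapping the policy jars, given here as an added example that is not part of the original post or of Ranger KMS. It reports which policy files the JVM sees and repeats the failing `Cipher.init` call with a 256-bit key; the class name `JceCheck`, the use of AES as the test cipher, and the all-zero test key are assumptions made for the example.

```java
import java.io.File;
import java.security.InvalidKeyException;
import java.security.Security;
import java.util.Arrays;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class JceCheck {
    public static void main(String[] args) throws Exception {
        String home = System.getProperty("java.home");
        System.out.println("java.home     : " + home);
        System.out.println("java.version  : " + System.getProperty("java.version"));
        // Only defined on JDK 8u151 and later; null means the policy jars decide.
        System.out.println("crypto.policy : " + Security.getProperty("crypto.policy"));

        // Legacy jar location, the same directory the post replaced files in.
        for (String name : new String[] {"local_policy.jar", "US_export_policy.jar"}) {
            File f = new File(home, "lib/security/" + name);
            System.out.println(name + " : " + (f.isFile()
                ? f.length() + " bytes, modified " + new Date(f.lastModified())
                : "not present at " + f.getPath()));
        }

        // 128 under the limited policy, Integer.MAX_VALUE under the unlimited one.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key length allowed: " + max);

        byte[] key = new byte[32];   // constructed all-zero 256-bit key, test only
        byte[] iv = new byte[16];    // constructed all-zero IV, test only
        byte[] msg = "jce-check".getBytes("UTF-8");
        try {
            // Same call path as the stack trace: Cipher.init -> checkCryptoPerm.
            Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
            enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
            Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
            dec.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
            boolean ok = Arrays.equals(msg, dec.doFinal(enc.doFinal(msg)));
            System.out.println("AES-256 round trip: " + (ok ? "OK" : "MISMATCH"));
            System.exit(ok ? 0 : 2);
        } catch (InvalidKeyException e) {
            // Limited-strength policy still in effect for this JVM.
            System.out.println("AES-256 init failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Compile and run it with the same JDK that Ranger KMS starts with, since a host can have several JVMs with different policy files. Exit code 0 means 256-bit keys are accepted, 1 means the limited policy is still active.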

Re: Ranger KMS crashes with Illegal Key Size exception in logs - OpenJDK

Can you post your solution as a reply to the topic so I can mark it as the accepted answer? This actually worked for us.

Re: Ranger KMS crashes with Illegal Key Size exception in logs - OpenJDK

@Chad Woodhead Thanks a lot, this worked for me! Please post your comment as a solution so that it helps others as well.
