Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

TLS cloudera manager

avatar
Explorer

Can group please assist with TLS 1 configuration and following error rcvd.

 

Followed the instruction available at cloduera documentation:

use_tls=1

(self signed certificate), RHEL 6.5 CM 5.7

 

Details from agent log file.

 

11/Sep/2016 12:25:21 +0000] 7617 MainThread agent ERROR Heartbeating to 192.168.1.70:7182 failed.
Traceback (most recent call last):
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.7.1-py2.6.egg/cmf/agent.py", line 1201, in _send_heartbeat
self.max_cert_depth)
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/cmf-5.7.1-py2.6.egg/cmf/https.py", line 131, in __init__
self.conn.connect()
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/httpslib.py", line 50, in connect
self.sock.connect((self.host, self.port))
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 185, in connect
ret = self.connect_ssl()
File "/usr/lib64/cmf/agent/build/env/lib/python2.6/site-packages/M2Crypto-0.21.1-py2.6-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
return m2.ssl_connect(self.ssl)
SSLError: unknown group

 

 

1 ACCEPTED SOLUTION

avatar
Master Guru

Hello,

 

The "unknown group" error is usually caused by an older package of OpenSSL being installed on your hosts.

Run rpm -qa openssl

If you see a version like this: openssl-1.0.1e-15.el6 then upgrade your openssl to a later package, restart the agent, then try again.

 

Regards,

 

Ben

View solution in original post

2 REPLIES 2

avatar
Master Guru

Hello,

 

The "unknown group" error is usually caused by an older package of OpenSSL being installed on your hosts.

Run rpm -qa openssl

If you see a version like this: openssl-1.0.1e-15.el6 then upgrade your openssl to a later package, restart the agent, then try again.

 

Regards,

 

Ben

avatar
Explorer

Thanks Team

 

Yes, the issue was due to older version of ssl, had fixed this issues last.

Thanks for the details shared.

 

 

thank you

Kashi