Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Use TLS Authentication of Agents to Server : General SSLEngine problem

Highlighted

Use TLS Authentication of Agents to Server : General SSLEngine problem

New Contributor
 
 
Hi
I have configured the agent certificate by reading this document (https://www.cloudera.com/documentation/enterprise/latest/topics/how_to_configure_cm_tls.html#concept...).
I checked 'Use TLS Authentication of Agents to Server' and completed the configuration as described in the document.

But I found an SSL error.
The error seems to fail heartbeat communication between Server and Agent.
The error message is as follows.
Server Error Message:
2019-02-21 18: 33: 36,293 WARN 339455364 @ agentServer-7: org.mortbay.log: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
 
Agent Error Message:
[21 / Feb / 2019 18:31:20 +0000] 618 MainThread agent ERROR myhost: 7182 failed.
Traceback (most recent call last):
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.16.1-py2.7.egg/cmf/agent.py", line 1433, in _send_heartbeat
    self.max_cert_depth)
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.16.1-py2.7.egg/cmf/https.py", line 138, in __init__
    self.conn.connect ()
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/httpslib.py", line 59 , in connect
    sock.connect ((self.host, self.port))
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 195, in connect
    ret = self.connect_ssl ()
  File "/usr/lib64/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 188, in connect_ssl
    return m2.ssl_connect (self.ssl, self._timeout)
SSLError: unexpected eof
Please help me~~!!
1 REPLY 1

Re: Use TLS Authentication of Agents to Server : General SSLEngine problem

Expert Contributor

Looks like a configuration issue. Can you share /etc/cloudera-scm-agent/config.ini 

# egrep -v '^[[:blank:]]*#|^$' /etc/cloudera-scm-agent/config.ini

Also verify if CM server responds correctly:

# openssl s_client -connect <cmhostname>:7182