Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

error in Configuring TLS Encryption for Cloudera Manager

error in Configuring TLS Encryption for Cloudera Manager

Visitor

Hi, Cloudera Team
I've followed the tutorial in https://www.cloudera.com/documentation/enterprise/5-11-x/topics/how_to_configure_cm_tls.html step by step,but it did not work in last step.

 

cloudera-scm-server.log:
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

 

cloudera-scm-agent.log:
Traceback (most recent call last):
File "/opt/cm-5.11.1/lib/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.11.1-py2.7.egg/cmf/agent.py", line 1373, in _send_heartbeat
self.max_cert_depth)
File "/opt/cm-5.11.1/lib/cmf/agent/build/env/lib/python2.7/site-packages/cmf-5.11.1-py2.7.egg/cmf/https.py", line 134, in __init__
self.conn.connect()
File "/opt/cm-5.11.1/lib/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/httpslib.py", line 59, in connect
sock.connect((self.host, self.port))
File "/opt/cm-5.11.1/lib/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 195, in connect
ret = self.connect_ssl()
File "/opt/cm-5.11.1/lib/cmf/agent/build/env/lib/python2.7/site-packages/M2Crypto-0.24.0-py2.7-linux-x86_64.egg/M2Crypto/SSL/Connection.py", line 188, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: unexpected eof

 

/etc/cloudera-scm-agent/config.ini:
use_tls=1
verify_cert_file=/opt/cloudera/security/pki/rootca.pem
client_key_file=/opt/cloudera/security/pki/agent.key
client_keypw_file=/opt/cm-5.11.1/etc/cloudera-scm-agent/agentkey.pw
client_cert_file=/opt/cloudera/security/pki/agent.pem

 

can anyone help me? Thanks

1 REPLY 1

Re: error in Configuring TLS Encryption for Cloudera Manager

Contributor

After you completed step 2 (Configure TLS for the Cloudera Manager Admin Console) did you restart Cloudera Manager from the OS (sudo service cloudera-scm-server restart)?

 

When you connect to Cloudera Manager using the browser do you see TLS enabled for it? (padlock on the URL bar)

 

How did you generate and sign your certificates?