Support Questions
Find answers, ask questions, and share your expertise

keystore permission denied error when trying to run "service cloudera-scm-server start"

New Contributor

Hello All...


I have been working to change my cluster over from self-signed certificates to a private CA configuration, using CA provided certificates.  After completing the keystore setup, I executed the following step:

Step 2: Enable HTTPS for the Cloudera Manager Admin Console and Specify Server Keystore Properties

  1. Log into the Cloudera Manager Admin Console.
  2. Select Administration > Settings.
  3. Click the Security category.
  4. Configure the following TLS settings:
    Property Description
    Path to TLS Keystore FileThe complete path to the keystore file. In the example, this path would be:


    Keystore PasswordThe password for keystore: password
    Use TLS Encryption for Admin ConsoleCheck this box to enable TLS encryption for Cloudera Manager.
  5. Click Save Changes to save the settings


Now....  I get the following error when I run the command service cloudera-scm-server start.


Exception in thread "MainThread" org.apache.avro.AvroRuntimeException: /opt/cloudera/security/CAcerts/cmhost-keystore.jks (Permission denied)
        at com.cloudera.server.common.HttpConnectorServer.start(
        at com.cloudera.server.cmf.Main.startAgentServer(
        at com.cloudera.server.cmf.Main.startAvro(
        at com.cloudera.server.cmf.Main.main(
Caused by: /opt/cloudera/security/CAcerts/cmhost-keystore.jks (Permission denied)
        at Method)
        at org.mortbay.resource.FileResource.getInputStream(
        at org.mortbay.component.AbstractLifeCycle.start(
        at org.mortbay.jetty.Server.doStart(
        at org.mortbay.component.AbstractLifeCycle.start(
        at com.cloudera.server.common.HttpConnectorServer.start(
        ... 4 more


Rising Star

From the looks of it, the file permissions on the file : /opt/cloudera/security/CAcerts/cmhost-keystore.jks is incorrect.


The process usually runs as cloudera-scm user. So check the permissions on that file.

; ;