oozie cli doesn't work after enabling tls option
Labels: Apache Oozie
Created on ‎09-15-2016 08:35 AM - edited ‎09-16-2022 03:39 AM
Hi Guys,
I have a problem with Oozie on my Cloudera cluster. I enabled TLS encryption for the admin console and Agents. I specified the Keystore and Truststore file locations and passwords in the configuration tab for Oozie.
When I try to curl Oozie:
oozie admin -oozie https://ukgs2hdm02.cwglobal.local:11443/oozie -status
Error: IO_ERROR : java.io.IOException: Error while connecting Oozie server. No of retries = 1. Exception = sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I was thinking about importing the host certificate into a default Java keystore but found this:
/opt/jdk1.7.0_79/jre/lib/security/cacerts
/opt/cloudera/parcels/CDH-5.5.4-1.cdh5.5.4.p0.9/lib/hue/build/env/lib/python2.6/site-packages/boto-2.38.0-py2.6.egg/boto/cacerts
/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre/lib/security/cacerts
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101.x86_64/jre/lib/security/cacerts
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.39.x86_64/jre/lib/security/cacerts
/usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts
/usr/java/jdk1.6.0_31/jre/lib/security/cacerts
/etc/pki/ca-trust/extracted/java/cacerts
/etc/pki/java/cacerts
and I don't know which one I should use.
Here are my files related to cert:
-rw-r-----. 1 root tls 1996 May 31 13:08 cdh_host.key
-rw-r-----. 1 root tls 2159 May 31 13:08 cdh_host.keystore
-r--r-----. 1 oozie tls 2159 Sep 13 09:45 cdh_host.oozie.keystore
-rw-r-----. 1 root tls 1123 May 31 13:08 cdh_host.pem
-r-xr--r--. 1 cloudera-scm tls 8754 Sep 7 13:39 truststore.jks
-rw-r-----. 1 root tls 11961 Sep 7 13:39 truststore.pem
-rw-r-----. 1 root tls 789 May 31 13:08 ukgs2hdm02.cwglobal.local.cer
The Oozie keystore is the same as the host keystore.
I have added the certificate to all default Java truststores and still have the same problem.
Oozie web console works just fine.
Any ideas?
Created ‎09-15-2016 09:11 AM
Created ‎10-27-2017 12:58 AM
Hi @andrzej_jedrzej, can you explain how you can solve this problem?
Thank you.
Created ‎11-09-2017 11:50 AM
Can you explain how you resolved this issue?
Created ‎12-06-2017 02:50 AM
Are you using self-signed certs?
Created ‎07-17-2018 10:42 AM
Hi, I am using self-signed certificates and tried to enable TLS parameters for all the services, so except Oozie. Oozie is showing some health issues; the Oozie web server cannot be communicated with.
