certificate_unknown error observed on enabling TLS/SSL on hadoop and yarn


I am using Cloudera 5.7 and have installed the basic services successfully. But when I enable TLS/SSL for Hadoop and YARN, I start getting the below exception from the NameNode and Resource Manager.

WARN org.mortbay.log: EXCEPTION
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
        at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:723)
        at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

I am using self-signed certificates which I have generated using the instructions in Example 3: http://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_create_key_trust.html. Both the keystore and truststore are located in /var/lib/hadoop-hdfs/certs on each node of the cluster and have all read permissions and hadoop as the owner group.

# ls -l node.keystore
-rwxrwxrwx 1 hdfs hadoop 1317 Apr 11 06:32 node.keystore

Please help.
