Created on 04-11-2016 04:54 AM - edited 09-16-2022 03:13 AM
I am using Cloudera 5.7 and have installed the basic services successfully. But when i enable TLS/SSL for hadoop and yarn, I start getting below exception from NameNode and Resource Manager.
WARN org.mortbay.log: EXCEPTION javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:723) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
I am using self-signed certificates which I have generated using instructions in Example3: http://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_create_key_trust.html. Both keystore and truststore are located in /var/lib/hadoop-hdfs/certs on each node of cluster and have all read permissions and hadoop as owner group.
# ls -l node.keystore
-rwxrwxrwx 1 hdfs hadoop 1317 Apr 11 06:32 node.keystore
Please help.