Created on 09-13-2016 06:49 AM - edited 09-16-2022 03:39 AM
Hi Guys,
I have a problem with Oozie on my Cloudera cluster. I enabled TLS encryption for the admin console and Agents. I specified the Keystore and Truststore file locations and passwords in the configuration tab for Oozie.
When I try to curl Oozie:
oozie admin -oozie https://ukgs2hdm02.cwglobal.local:11443/oozie -status
Error: IO_ERROR : java.io.IOException: Error while connecting Oozie server. No of retries = 1. Exception = sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I was thinking about importing the host certificate into the default Java keystore, but found this:
/opt/jdk1.7.0_79/jre/lib/security/cacerts
/opt/cloudera/parcels/CDH-5.5.4-1.cdh5.5.4.p0.9/lib/hue/build/env/lib/python2.6/site-packages/boto-2.38.0-py2.6.egg/boto/cacerts
/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre/lib/security/cacerts
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101.x86_64/jre/lib/security/cacerts
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.39.x86_64/jre/lib/security/cacerts
/usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts
/usr/java/jdk1.6.0_31/jre/lib/security/cacerts
/etc/pki/ca-trust/extracted/java/cacerts
/etc/pki/java/cacerts
and I don't know which one I should use.
Here are my files related to cert:
-rw-r-----. 1 root tls 1996 May 31 13:08 cdh_host.key
-rw-r-----. 1 root tls 2159 May 31 13:08 cdh_host.keystore
-r--r-----. 1 oozie tls 2159 Sep 13 09:45 cdh_host.oozie.keystore
-rw-r-----. 1 root tls 1123 May 31 13:08 cdh_host.pem
-r-xr--r--. 1 cloudera-scm tls 8754 Sep 7 13:39 truststore.jks
-rw-r-----. 1 root tls 11961 Sep 7 13:39 truststore.pem
-rw-r-----. 1 root tls 789 May 31 13:08 ukgs2hdm02.cwglobal.local.cer
The Oozie keystore is the same as the host keystore.
Any ideas?
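An added example (not part of the original post) for narrowing the list of cacerts files above to the one a given JVM actually consults: JSSE uses the file named by -Djavax.net.ssl.trustStore if that property is set, otherwise jssecacerts and then cacerts under that JVM's lib/security directory. The function names are hypothetical, and reading the client's JVM options from OOZIE_CLIENT_OPTS is an assumption about how the oozie CLI is launched.

```shell
#!/bin/sh
# Added example: which truststore does a given JVM consult by default?

# Print the last -Djavax.net.ssl.trustStore=... value in a JVM options string.
truststore_override() {
    found=
    for opt in $1; do
        case $opt in
            -Djavax.net.ssl.trustStore=*) found=${opt#*=} ;;
        esac
    done
    [ -n "$found" ] && printf '%s\n' "$found"
    return 0
}

# Resolve symlinks on a java binary and print the directory above its bin/.
java_home_of() {
    real=$(readlink -f "$1") || return 1
    dirname "$(dirname "$real")"
}

# default_truststore JAVA_HOME [OVERRIDE]
# OVERRIDE is the value of javax.net.ssl.trustStore, if one was given.
default_truststore() {
    if [ -n "$2" ]; then
        printf '%s\n' "$2"
        return 0
    fi
    # JDK 8 and earlier keep the JRE under jre/; later releases do not.
    for sec in "$1/jre/lib/security" "$1/lib/security"; do
        # jssecacerts takes precedence over cacerts when both exist.
        for name in jssecacerts cacerts; do
            if [ -f "$sec/$name" ]; then
                printf '%s\n' "$sec/$name"
                return 0
            fi
        done
    done
    return 1
}

# Report for the java found on PATH (assumed to be the one the client uses).
if command -v java >/dev/null 2>&1; then
    home=$(java_home_of "$(command -v java)")
    ts=$(default_truststore "$home" "$(truststore_override "$OOZIE_CLIENT_OPTS")") \
        || ts="(no truststore found under $home)"
    echo "JVM home: $home"
    echo "truststore in effect: $ts"
fi
```

Running `keytool -list -keystore` against the reported path shows whether the CA that signed the server certificate is present in it.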