@Raufshaikh @teo123 @dimi_yu - Starting with CDP 7.1.9, Cloudera rebased ZooKeeper to version 3.8 (3.8.1.7.1.9.0-387). Beginning with ZooKeeper version 3.6.0, a new a new monitoring feature (New Metrics System ) was introduced where you can enable the Prometheus MetricsProvider [0]. By default, the Port is set to the default port number of 7000 (which is configurable by setting "metricsProvider.httpPort"). While Prometheus itself does not require the HTTP TRACE method for normal operation, this behaviour is a result of the upstream ZooKeeper implementation ZOOKEEPER-3731. We at Cloudera, actively working internally to disable HTTP TRACE in the Prometheus MetricsProvider endpoint in an upcoming CDP release as part of our continued focus on security hardening. Which will be fixed in CDP 7.3.2, released in early 2026. As a workaround for now, you can just uncheck the "Enable the Prometheus MetricsProvider" option to disable the port for Prometheus metrics. [0] = https://zookeeper.apache.org/doc/r3.9.3/zookeeperAdmin.html#:~:text=metricsProvider.httpPort ... View more

Yes, it’s possible to use a single SSL certificate across all hosts in your cluster, but it depends on how your domains are set up. If all hosts share the same base domain (like host1.example.com, host2.example.com), you can use a wildcard SSL or a multi-domain (SAN) SSL certificate that covers all hostnames. Install the same cert and key on each node. This avoids creating separate CSRs and renewals for every host. Just note that sharing one private key across multiple servers can be a small security risk if one host is compromised. Hope it helps! ... View more

I’ve run into this error before too. It usually comes down to SSL misconfiguartion or browser settings. This checklist helped me fix it: https://cheapsslweb.com/blog/fix-neterr-ssl-protocol-error-in-google-chrome/., worth a try if the usual steps don’t work. Hope it helps! ... View more

The error means the SSL certificates used by your Cloudera ODBC driver are outdated or expired. To fix it, download the latest cacerts.pem file from a trusted source like Curl's CA bundle or your company’s security team. Replace the old cacerts.pem file in the ODBC driver's configuration directory. Then restart your ODBC connection and test again. ... View more

The error ERR_BAD_SSL_CLIENT_AUTH_CERT is a security-related bug that appears in web browsers, especially Google Chrome, due to a failure to interact with the SSL/TLS client authentication process.  This issue arises when SSL/TLS certificates are required on both client and server sides, but the client fails to present a valid certificate or the server can't verify it. Common causes include certificate misconfiguration, incorrect device date/time, software issues, or interference from browser extensions and antivirus programs. There are many different ways to fix the error which you need to understand properly in detail. Furthermore I found the helpful resource at:-  https://cheapsslweb.com/resources/how-to-fix-the-err_bad_ssl_client_auth_cert-error. I hope it helps!     ... View more

I will try to open a ticket [NIFI-14599] Parameter provider invalid revision issue - ASF JIRA ... View more