@bgooley, Thanks for your reply. This setting causes the error I mentioned: export CMF_JAVA_OPTS="-Xmx2G -XX:MaxPermSize=256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -Djavax.net.ssl.trustStore=/opt/cloudera/security/pki/truststore.jks"   And this works: export CMF_JAVA_OPTS="-Xmx2G -XX:MaxPermSize=256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -Djavax.net.ssl.trustStore=/opt/cloudera/security/pki/truststore.jks -Djavax.net.ssl.trustStorePassword=<PASSWORD REMOVED>"   ... View more

@bgooley Regarding permissions, I meant the permissions for the /etc/default/cloudera-scm-server and not the JKS truststore file.   -Hamed ... View more

Hi @bgooley   Thanks for your reply.   The password is necessary to avoid malicious users to modify the truststore's contents (e.g. adding new certificates) and also is needed to check the integrity of the store's contents.     Removing the -Djavax.net.ssl.trustStorePassword=changeit causes the following exception:   Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) at java.security.KeyStore.load(KeyStore.java:1445) at com.mysql.jdbc.ExportControlled.getSSLSocketFactoryDefaultOrConfigured(ExportControlled.java:428) ... 23 more Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778) ... 28 more    -Hamed ... View more