Member since
12-27-2018
24
Posts
0
Kudos Received
0
Solutions
10-22-2020
04:40 AM
Also followed https://community.cloudera.com/t5/Support-Questions/SSLError-certificate-verify-failed/td-p/92340/highlight/true but still no luck. According to the solution mentioned in this link, including certificates of two openssl command. openssl s_client -connect $(grep "server_host" /etc/cloudera-scm-agent/config.ini | sed s/server_host=//):7182 </dev/null | openssl x509 -text -noout depth=0 C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software verify error:num=18:self signed certificate verify return:1 depth=0 C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software verify return:1 139717345220416:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:ssl/record/rec_layer_s3.c:1544:SSL alert number 42 Certificate: Data: Version: 3 (0x2) Serial Number: 1521762547 (0x5ab440f3) Signature Algorithm: sha256WithRSAEncryption Issuer: C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software Validity Not Before: Oct 15 17:51:15 2020 GMT Not After : Jan 13 17:51:15 2021 GMT Subject: C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ad:b7:4d:34:67:0e:7f:48:03:5a:1f:cc:fd:d6: 5b:9b:8a:12:13:3c:03:2b:b8:87:63:de:66:e8:6d: 66:77:e5:8d:66:3b:db:a2:7d:8d:07:21:38:8d:fb: 12:b0:e2:1a:04:9a:50:64:b7:4c:10:7d:69:1c:ce: 7a:26:27:2f:7d:b1:3a:4e:ad:6b:30:33:9b:12:59: 53:b6:08:0a:9b:70:3b:1c:0c:96:42:0e:64:cf:12: 74:fd:3c:ee:a4:25:67:e8:f5:9b:2f:62:bf:97:08: 41:c8:c3:e0:34:2c:39:87:22:02:97:34:c3:a7:ad: 87:57:5b:4f:a4:af:3b:ab:cc:ed:5c:a1:d7:5a:75: d0:0f:ce:4a:7a:2c:d2:2d:75:f5:46:36:e6:c8:72: 9f:15:6f:88:b9:ab:03:9e:4b:27:33:41:9e:1c:09: 52:04:a5:69:81:e5:49:4c:3e:c1:4a:5f:ef:34:0c: c8:0e:8e:5e:94:69:32:c3:26:e6:44:6d:39:1f:1f: 07:8a:fa:6e:6d:4a:29:7e:b1:7d:45:6c:57:22:a3: b6:4e:69:81:f4:1f:49:4a:28:a1:59:2f:e1:cf:5e: 9e:c0:0f:39:ea:4f:1d:7e:27:a4:ed:97:01:16:fe: d9:29:a5:4f:43:9d:f2:8e:7e:6c:af:74:b0:be:a5: c5:b1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 67:A9:1F:75:3D:C7:30:93:52:B2:89:C6:3B:08:0D:E4:2D:A8:19:D1 Signature Algorithm: sha256WithRSAEncryption 1b:c6:c4:e9:84:63:58:89:17:1f:2b:a5:29:bd:17:02:45:13: 5f:48:dc:81:e2:9b:92:fc:ad:84:84:a5:60:7b:48:80:c9:0a: 46:35:96:24:be:55:fc:ea:5f:e8:74:e3:82:d9:83:07:4b:95: e6:b1:a1:20:8a:53:2e:32:25:51:d2:b5:00:b5:69:de:7f:2c: 3b:40:fe:eb:2b:76:e7:5d:2f:54:b2:c0:22:92:24:3a:ab:46: fd:ce:08:91:4b:89:91:b1:c1:79:a2:f7:b9:d7:bf:ff:f3:47: e7:b6:b2:25:b2:93:42:9a:fc:3f:6d:ca:79:f2:db:e0:59:73: 02:f1:09:8e:d3:f1:79:24:a2:f3:d7:3a:52:11:1c:54:25:e4: c7:c2:ab:17:fa:b7:7c:3a:93:89:10:9a:f1:1f:e5:28:fb:7b: 03:36:21:18:2b:71:35:9b:6e:03:72:83:f1:8e:6c:80:2b:32: f2:fc:81:7c:cd:4b:5a:3c:fa:8a:8d:1a:2b:0b:f5:4f:31:ab: 85:d1:0e:28:86:1e:e6:79:aa:6c:15:fb:e7:7f:41:98:30:1f: 86:54:0c:c8:ca:5a:3c:fa:88:2b:03:be:78:a9:8f:8f:0e:5d: 83:4d:84:71:d2:4b:db:10:07:01:00:0c:84:76:6e:2f:88:e9: aa:8e:06:40 ================================================================================== [root@optim-rhel72-uppu cloudera-scm-agent]# openssl s_client -connect $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "server_host=" | sed s/server_host=//):7182 -CAfile $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "verify_cert_file=" |sed s/verify_cert_file=//) -verify_hostname $(grep -v '^#' /etc/cloudera-scm-agent/config.ini | grep "server_host=" | sed s/server_host=//)</dev/null CONNECTED(00000004) depth=0 C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software verify return:1 140654616340288:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:ssl/record/rec_layer_s3.c:1544:SSL alert number 42 --- Certificate chain 0 s:C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software i:C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software --- Server certificate -----BEGIN CERTIFICATE----- MIIDvTCCAqWgAwIBAgIEWrRA8zANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMC SU4xEjAQBgNVBAgTCUthcm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMQ8wDQYD VQQKEwZVTklDT00xDjAMBgNVBAsTBU9wdGltMTYwNAYDVQQDEy1vcHRpbS1yaGVs NzItdXBwdS5kZXZlbG9wbWVudC51bmljb20uc29mdHdhcmUwHhcNMjAxMDE1MTc1 MTE1WhcNMjEwMTEzMTc1MTE1WjCBjjELMAkGA1UEBhMCSU4xEjAQBgNVBAgTCUth cm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMQ8wDQYDVQQKEwZVTklDT00xDjAM BgNVBAsTBU9wdGltMTYwNAYDVQQDEy1vcHRpbS1yaGVsNzItdXBwdS5kZXZlbG9w bWVudC51bmljb20uc29mdHdhcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQCtt000Zw5/SANaH8z91lubihITPAMruIdj3mbobWZ35Y1mO9uifY0HITiN +xKw4hoEmlBkt0wQfWkcznomJy99sTpOrWswM5sSWVO2CAqbcDscDJZCDmTPEnT9 PO6kJWfo9ZsvYr+XCEHIw+A0LDmHIgKXNMOnrYdXW0+krzurzO1coddaddAPzkp6 LNItdfVGNubIcp8Vb4i5qwOeSyczQZ4cCVIEpWmB5UlMPsFKX+80DMgOjl6UaTLD JuZEbTkfHweK+m5tSil+sX1FbFcio7ZOaYH0H0lKKKFZL+HPXp7ADznqTx1+J6Tt lwEW/tkppU9DnfKOfmyvdLC+pcWxAgMBAAGjITAfMB0GA1UdDgQWBBRnqR91Pccw k1KyicY7CA3kLagZ0TANBgkqhkiG9w0BAQsFAAOCAQEAG8bE6YRjWIkXHyulKb0X AkUTX0jcgeKbkvythISlYHtIgMkKRjWWJL5V/Opf6HTjgtmDB0uV5rGhIIpTLjIl UdK1ALVp3n8sO0D+6yt2510vVLLAIpIkOqtG/c4IkUuJkbHBeaL3ude///NH57ay JbKTQpr8P23KefLb4FlzAvEJjtPxeSSi89c6UhEcVCXkx8KrF/q3fDqTiRCa8R/l KPt7AzYhGCtxNZtuA3KD8Y5sgCsy8vyBfM1LWjz6io0aKwv1TzGrhdEOKIYe5nmq bBX7539BmDAfhlQMyMpaPPqIKwO+eKmPjw5dg02EcdJL2xAHAQAMhHZuL4jpqo4G QA== -----END CERTIFICATE----- subject=C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software issuer=C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software --- Acceptable client certificate CA names C = US, O = Equifax Secure Inc., CN = Equifax Secure Global eBusiness CA-1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - EC1 C = US, O = SecureTrust Corporation, CN = SecureTrust CA C = JP, O = SECOM Trust.net, OU = Security Communication RootCA1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 G3 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4 C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication RootCA2 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network C = TW, O = "Chunghwa Telecom Co., Ltd.", OU = ePKI Root Certification Authority C = US, O = AffirmTrust, CN = AffirmTrust Commercial C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA C = US, OU = www.xrampsecurity.com, O = XRamp Security Services Inc, CN = XRamp Global Certification Authority C = FI, O = Sonera, CN = Sonera Class2 CA C = US, O = America Online Inc., CN = America Online Root Certification Authority 1 C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2 C = US, O = Equifax, OU = Equifax Secure Certificate Authority C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority C = US, O = Internet Security Research Group, CN = ISRG Root X1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root C = ZA, ST = Western Cape, L = Durbanville, O = Thawte, OU = Thawte Certification, CN = Thawte Timestamping CA C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Chambers of Commerce Root C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G3 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Object C = US, O = AffirmTrust, CN = AffirmTrust Networking C = US, O = AffirmTrust, CN = AffirmTrust Premium C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Code Signing Root C = US, O = America Online Inc., CN = America Online Root Certification Authority 2 C = LU, O = LuxTrust s.a., CN = LuxTrust Global Root C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3 C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008 C = CH, O = SwissSign AG, CN = SwissSign Silver CA - G2 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority C = IN, ST = Karnataka, L = Bangalore, O = UNICOM, OU = Optim, CN = optim-rhel72-uppu.development.unicom.software C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 3 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3 C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Client Authentication and Email C = FR, O = Certplus, CN = Class 2 Primary CA C = US, O = GeoTrust Inc., CN = GeoTrust Global CA C = CH, O = SwissSign AG, CN = SwissSign Platinum CA - G2 OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 2 Public Primary Certification Authority - G3 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Root Certificate Authority - G2 C = US, O = IdenTrust, CN = IdenTrust Public Sector Root CA 1 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048) O = TeliaSonera, CN = TeliaSonera Root CA v1 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 1 Public Primary Certification Authority - G3 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2007 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G4 C = US, O = "Entrust, Inc.", OU = www.entrust.net/CPS is incorporated by reference, OU = "(c) 2006 Entrust, Inc.", CN = Entrust Root Certification Authority C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G2 C = PL, O = Unizeto Sp. z o.o., CN = Certum CA C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Qualified CA Root O = Digital Signature Trust Co., CN = DST Root CA X3 C = NO, O = Buypass AS-983163327, CN = Buypass Class 2 Root CA C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G3 C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust ECC Certification Authority C = US, O = IdenTrust, CN = IdenTrust Commercial Root CA 1 C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 C = DE, O = Deutsche Telekom AG, OU = T-TeleSec Trust Center, CN = Deutsche Telekom Root CA 2 C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 2009 C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 1 G3 C = US, O = "VeriSign, Inc.", OU = Class 1 Public Primary Certification Authority C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority C = US, O = "VeriSign, Inc.", OU = Class 2 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5 C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2 C = ch, O = Swisscom, OU = Digital Certificate Services, CN = Swisscom Root CA 2 C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3 G3 C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority C = FR, O = Certplus, CN = Class 3P Primary CA C = NO, O = Buypass AS-983163327, CN = Buypass Class 3 Root CA C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication EV RootCA1 C = US, O = Equifax Secure Inc., CN = Equifax Secure eBusiness CA-1 C = US, O = "thawte, Inc.", OU = "(c) 2007 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2008 VeriSign, Inc. - For authorized use only", CN = VeriSign Universal Root Certification Authority C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2008 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G3 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Services Division, CN = Thawte Premium Server CA, emailAddress = premium-server@thawte.com C = US, O = AffirmTrust, CN = AffirmTrust Premium ECC C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2 C = US, O = "VeriSign, Inc.", OU = Class 1 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network C = FR, O = KEYNECTIS, OU = ROOT, CN = KEYNECTIS ROOT CA C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1 Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1 Peer signing digest: SHA256 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 13893 bytes and written 485 bytes Verification: OK Verified peername: optim-rhel72-uppu.development.unicom.software --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 5F9166CED3FCFA9FCB45E702D4D6F2431A88DE484A55569FE07F85A3875A4C10 Session-ID-ctx: Master-Key: CF878F2D7C39306F3FD3F68E821AF532EAE002246903528EAC043A8B8BEBF4CB99DAADE2876BB71F14B330254DDDDEF8 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1603364558 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes ---
... View more
06-29-2020
01:31 AM
@Tulasi For the best information around licensing, I'll refer you to the Cloudera Licensing Policy FAQs page. If you still have questions I suggest using the contact us page of Cloudera.com to connect with sales for further.
... View more
02-12-2019
10:03 AM
Hi @Tulasi, Greate to hear the issue got resolved! I will report internally on this to our documentation team to see how we can improve on it. Thanks, Li
... View more
01-23-2019
11:44 PM
Thanks Ben, will create a new thread.
... View more