Return-Path: X-Original-To: apmail-ambari-user-archive@www.apache.org Delivered-To: apmail-ambari-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3D885109D0 for ; Fri, 6 Dec 2013 18:31:52 +0000 (UTC) Received: (qmail 98796 invoked by uid 500); 6 Dec 2013 18:31:52 -0000 Delivered-To: apmail-ambari-user-archive@ambari.apache.org Received: (qmail 98746 invoked by uid 500); 6 Dec 2013 18:31:51 -0000 Mailing-List: contact user-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@ambari.apache.org Delivered-To: mailing list user@ambari.apache.org Received: (qmail 98738 invoked by uid 99); 6 Dec 2013 18:31:51 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Dec 2013 18:31:51 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of roshanp@gmail.com designates 74.125.82.172 as permitted sender) Received: from [74.125.82.172] (HELO mail-we0-f172.google.com) (74.125.82.172) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Dec 2013 18:31:44 +0000 Received: by mail-we0-f172.google.com with SMTP id w62so1070627wes.17 for ; Fri, 06 Dec 2013 10:31:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=LA5ZrL8yjk2hPBVXkO6Uf4qyXdvgpxa+OumShDiAaxk=; b=gpwERMeeJC+z+LD1YuA5yVXLm+DAv8Tsv0TU2WKVlnHrl4pISLkQ86ES//MAmQw25f PTC93hVhDSuK4shT1dm051Hu4qiXJLmxPZw3dKVI5W51BB1pZxITnJ0IaJ5sd06qHLU3 W0DNXsfYdCpw816pRP5R9uOFpz46Q7istEi2DdICn2vhg+4effGE2gxt30hliNKNnaqm CcL3Y3Esf9O0ZB7DDp6WuX8zlekoN2DuS4LMjAzEkFrOxbDK7igdy5JZRajxMukGFbRS ePLk/LZ18TGd+9T6LKY0AEH+xFtbX3hUf/WJ0Lm3VtHC9J5K/TM0Q0B3Tq4yjA4qDgjO c2cw== MIME-Version: 1.0 X-Received: by 10.194.175.133 with SMTP id ca5mr4475455wjc.19.1386354684262; Fri, 06 Dec 2013 10:31:24 -0800 (PST) Received: by 10.194.120.168 with HTTP; Fri, 6 Dec 2013 10:31:24 -0800 (PST) Date: Fri, 6 Dec 2013 13:31:24 -0500 Message-ID: Subject: SSL issue From: Roshan Punnoose To: user@ambari.apache.org Content-Type: multipart/alternative; boundary=089e01493c5a7d051604ece1dab3 X-Virus-Checked: Checked by ClamAV on apache.org --089e01493c5a7d051604ece1dab3 Content-Type: text/plain; charset=ISO-8859-1 I have a cluster of about 6 nodes, half of which suddenly cannot connect to my ambari-server at https://:8440. The others can connect and heartbeat without an issue. I noticed that if I run: openssl s_client -connect :8440, it doesn't work either on the defective machines, but does work on the others. My initial thought is that the ambari-server and agent certs have diverged, and the agent cert needs to be resigned. I know during the host registration period, the server will sign the client cert; however, I am performing manual registration of my hosts, is that still the case? Roshan --089e01493c5a7d051604ece1dab3 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

I have a cluster of about 6 nodes, half of which suddenly = cannot connect to my ambari-server at https://<ambari-server>:8440. T= he others can connect and heartbeat without an issue.

I = noticed that if I run:=A0openssl s_client -connect <host>:8440, it do= esn't work either on the defective machines, but does work on the other= s.

My initial thought is that the ambari-server and agent = certs have diverged, and the agent cert needs to be resigned. I know during= the host registration period, the server will sign the client cert; howeve= r, I am performing manual registration of my hosts, is that still the case?=

Roshan

--089e01493c5a7d051604ece1dab3--