ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erin Boyd <>
Subject Re: ssl changes recently?
Date Wed, 07 Jan 2015 20:54:21 GMT
When do you get this error? During registration or some other time?


----- Original Message -----
From: "Greg Hill" <>
To: "Erin Boyd" <>,
Sent: Wednesday, January 7, 2015 1:52:03 PM
Subject: Re: ssl changes recently?

[root@ambari ~]# rpm -qa | grep openssl

We apparently have an even newer version.  Perhaps they broke something
else more recently?  We just spun up this image yesterday with the latest
CentOS 6.5 stuff.


On 1/7/15 2:48 PM, "Erin Boyd" <> wrote:

>Hey Greg,
>On RHEL 6.5 we got a similar error during agent registration.
>Here is the workaround:
>Hope that helps,
>----- Original Message -----
>From: "Greg Hill" <greg.hill@RACKSPACE.COM>
>Sent: Wednesday, January 7, 2015 1:44:40 PM
>Subject: ssl changes recently?
>I sent this to the wrong list earlier.
>I recently updated our Ambari 1.7.0 image and am now getting SSL errors
>from the agents:
>INFO 2015-01-07 16:59:02,116 - Connecting to
>ERROR 2015-01-07 16:59:02,645 - [SSL:
>CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
>ERROR 2015-01-07 16:59:02,646 - SSLError: Failed to
>connect. Please check openssl library versions.
>Refer to: for more
>WARNING 2015-01-07 16:59:02,651 - Server at
>https://ambari.local:8440<https://ambari.local:8440/> is not reachable,
>sleeping for 10 secondsÅ 
>We're just using the default SSL certs that Ambari creates for agent
>communication.  This worked up until we made this new image, which pull
>in upstream CentOS system updates.
>Is it possible that some change in upstream has broken this for Ambari?
>Is there a workaround?
>I have noticed that the "server_crt" (/var/lib/ambari-agent/keys/ca.crt)
>does not exist on the hosts.  Is this something I'm supposed to inject?
>We weren't before, but it was working just fine without it.

View raw message