hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Hadoop Wiki] Update of "SSLException" by bibinchundatt
Date Sun, 12 Jul 2015 16:33:50 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Hadoop Wiki" for change notification.

The "SSLException" page has been changed by bibinchundatt:
https://wiki.apache.org/hadoop/SSLException?action=diff&rev1=1&rev2=2

- = SSLException =;
+ = SSLException =
  
+ Indicates some kind of error detected by an SSL subsystem.<<BR>>
+ In case of hadoop the SSL configuration are mainly done in core-site.xml ,ssl-server.xml
and ssl-client.xml
+ 
+  * ssl-server.xml
+ 	* ssl.server.truststore.location
+ 	* ssl.server.truststore.password
+ 	* ssl.server.keystore.location
+ 	* ssl.server.keystore.keypassword
+  * ssl-client.xml
+ 	* ssl.client.truststore.location
+ 	* ssl.client.truststore.password
+ 	* ssl.client.keystore.location
+ 	* ssl.client.keystore.keypassword
+ 
+ Each keystore file contains the private key for each certificate, the single truststore
file contains all the keys of all certificates. 
+ The keystore file is used by the Hadoop HttpServer while the truststore file is used by
the client HTTPS connections.
+ 
+ '''SSLHandshakeException'''
+ 
+ Indicates that the client and server could not negotiate the desired level of security
+ 
+  *The certificate specified in Server and client mismatch is happening or certificate not
available in JKS.
+  *Recheck the truststore password and is correct or not.
+  *Check SSL truststore location the file is not available.
+ 
+ Use the below command to verify in truststore the certificate is available.<<BR>>
+ {{{keytool -list -v -keystore $ALL_JKS -storepass $CLIENT_TRUSTSTORE_PASSWORD}}}
+ 
+ '''SSLKeyException'''
+ 
+ Reports a bad SSL key.
+ 
+  *Indicates misconfiguration of the server or client SSL certificate and private key.
+  *Check the hostname in certification is matching with actual server hostname
+  *Common Name Mismatch or Host name in the URL you’re using for communication not matches
one of the common names in the SSL certificate.
+ 
+ 
+ '''SSLPeerUnverifiedException'''
+ 
+ Indicates that the peer's identity has not been verified.
+ 
+  *Expired Certificate can be a cause for SSLPeerUnverifiedException
+  *The particular cipher suite being used does not support authentication
+  *No peer authentication was established during SSL handshaking
+ 
+ '''SSLProtocolException'''
+ 
+ Reports an error in the operation of the SSL protocol. Normally this indicates a flaw in
one of the protocol implementations.
+ 

Mime
View raw message