hadoop-yarn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Maron (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-2554) Slider AM Web UI is inaccessible if HTTPS/SSL is enabled as the HTTP policy
Date Mon, 15 Sep 2014 14:15:33 GMT
Jonathan Maron created YARN-2554:
------------------------------------

             Summary: Slider AM Web UI is inaccessible if HTTPS/SSL is enabled as the HTTP
policy
                 Key: YARN-2554
                 URL: https://issues.apache.org/jira/browse/YARN-2554
             Project: Hadoop YARN
          Issue Type: Bug
          Components: webapp
    Affects Versions: 2.6.0
            Reporter: Jonathan Maron


If the HTTP policy to enable HTTPS is specified, the RM and AM are initialized with SSL listeners.
 The RM has a web app proxy servlet that acts as a proxy for incoming AM requests.  In order
to forward the requests to the AM the proxy servlet makes use of HttpClient.  However, the
HttpClient utilized is not initialized correctly with the necessary certs to allow for successful
one way SSL invocations to the other nodes in the cluster (it is not configured to access/load
the client truststore specified in ssl-client.xml).   I imagine SSLFactory.createSSLSocketFactory()
could be utilized to create an instance that can be assigned to the HttpClient.

The symptoms of this issue are:

AM: Displays "unknown_certificate" exception
RM:  Displays an exception such as "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target"



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message