incubator-ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Cody <>
Subject Re: problem with the registration step
Date Wed, 24 Jul 2013 06:32:24 GMT
the problem appears to be that for some reason, the SSL cert generated and
signed by the ambari server as it starts up is invalid until tomorrow ..

openssl x509 -noout -in /var/lib/ambari-server/keys/ca.crt ­dates

notBefore=Jul 24 04:41:20 2013 GMT
notAfter=Jul 24 04:41:20 2014 GMT

which is really strange as the system date/time on my server seems to be set

Anyone seen anything like this before?

(the version of openssl I've got on my RH6.4 x64 box is:
openssl-1.0.0-27.el6.x86_64, ambari codebase v1.2.4)

From:  Aaron Cody <>
Reply-To:  <>
Date:  Tuesday, July 23, 2013 1:39 PM
To:  "" <>
Subject:  Re: problem with the registration step

looks like the agent is failing to connect back to the master because of
some SSL cert problem??


curl: (60) Peer certificate cannot be authenticated with known CA
More details here:

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

any ideas how to rectify this?

From:  Aaron Cody <>
Reply-To:  <>
Date:  Tuesday, July 23, 2013 1:28 PM
To:  "" <>
Subject:  Re: problem with the registration step

attached - thanks

From:  Siddharth Wagle <>
Reply-To:  ""
Date:  Tuesday, July 23, 2013 1:00 PM
To:  "" <>
Subject:  Re: problem with the registration step

Hi Aaron,

Could you correlate this message with the server logs and provide them?
If you stop and start the agent you should be able to capture the error if
any on the server side.

To turn on debugging on the agent, edit
also turning on debugging on the server site might help.


On Tue, Jul 23, 2013 at 12:27 PM, Aaron Cody <> wrote:
> Any ideas what might be causing this?
> * I am using FQDNs and I can passwordless-SSH from master to all slave
> machinesŠ
> * RedHat 6.4
> Registration fails:
> self.httpsconn.connect()\n File
> \"/usr/lib/python2.6/site-packages/ambari_agent/\", line 63, in
> connect\n ca_certs=server_crt)\n File \"/usr/lib64/python2.6/\", line
> 338, in wrap_socket\n suppress_ragged_eofs=suppress_ragged_eofs)\n File
> \"/usr/lib64/python2.6/\", line 118, in __init__\n cert_reqs,
> ssl_version, ca_certs)\nSSLError: [Errno 336445442] _ssl.c:353:
> error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib\n',
> None)\n\nSTDERR\nConnection to
> <>  closed.\nRegistering with the
> server...\nRegistration with the server failed."}]

View raw message