knox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rajesh Chandramohan <rajesh_ym...@yahoo.com.INVALID>
Subject Knox configured to access webhdfs exposed via SSL
Date Fri, 02 Sep 2016 16:51:02 GMT
Hi  Knox-users,
We have a use case as our secured cluster planning to block http url for webhdfs and only
exposing https url as : https://cluster-mud-nn-2.ambari.com:50070/webhdfs/v1/?op=LISTSTATUS In
that case while we access webhdfs via knox its throwing exception for SSL invalid certificate
path.
 So do we need to import namenodes ssl signed certificate(.cer files)  to knox  host  ../security/cacerts
file right ? Or what we should do to make knox work to access https: webhdfs link.

topology/ambari.xml==========    <service>        <role>NAMENODE</role> 
      <url>hdfs:/cluster-mud-nn.ambari.com:8020</url>    </service>
    <service>        <role>WEBHDFS</role>        <url>https://cluster-mud-nn.ambari.com:50070/webhdfs</url> 
      <url>https://cluster-mud-nn-2.ambari.com:50070/webhdfs</url>    </service>-----------
==============SSL error====2016-08-31 00:26:46,285 WARN  hadoop.gateway (DefaultDispatch.java:executeOutboundRequest(132))
- Connection exception dispatching request: https://cluster-mud-nn-2.ambari.com:50070/webhdfs/v1/?op=LISTSTATUS&doAs=appmon
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested targetjavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)  Thanks\Rajesh

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message