Hi Knox-users,
We have a use case as our secured cluster planning to block http url for webhdfs and only
exposing https url as : https://cluster-mud-nn-2.ambari.com:50070/webhdfs/v1/?op=LISTSTATUS In
that case while we access webhdfs via knox its throwing exception for SSL invalid certificate
path.
So do we need to import namenodes ssl signed certificate(.cer files) to knox host ../security/cacerts
file right ? Or what we should do to make knox work to access https: webhdfs link.
topology/ambari.xml========== <service> <role>NAMENODE</role>
<url>hdfs:/cluster-mud-nn.ambari.com:8020</url> </service>
<service> <role>WEBHDFS</role> <url>https://cluster-mud-nn.ambari.com:50070/webhdfs</url>
<url>https://cluster-mud-nn-2.ambari.com:50070/webhdfs</url> </service>-----------
==============SSL error====2016-08-31 00:26:46,285 WARN hadoop.gateway (DefaultDispatch.java:executeOutboundRequest(132))
- Connection exception dispatching request: https://cluster-mud-nn-2.ambari.com:50070/webhdfs/v1/?op=LISTSTATUS&doAs=appmon
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested targetjavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) Thanks\Rajesh
|