You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kudu.apache.org by "Adar Dembo (JIRA)" <ji...@apache.org> on 2018/10/03 23:18:00 UTC
[jira] [Updated] (KUDU-2401) External TLS certificate with
Intermediate CA in server cert file fails
[ https://issues.apache.org/jira/browse/KUDU-2401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adar Dembo updated KUDU-2401:
-----------------------------
Fix Version/s: (was: 1.7.1)
1.8.0
> External TLS certificate with Intermediate CA in server cert file fails
> -----------------------------------------------------------------------
>
> Key: KUDU-2401
> URL: https://issues.apache.org/jira/browse/KUDU-2401
> Project: Kudu
> Issue Type: Bug
> Components: security
> Reporter: Sailesh Mukil
> Assignee: Sailesh Mukil
> Priority: Major
> Labels: security, tls
> Fix For: 1.8.0
>
>
> This was found while using Impala w/ KRPC with external PKI.
> Take 2 certificate files: cert.pem and truststore.pem
> cert.pem has 2 certificates in it:
> A cert for that node (with CN="hostname", and signed by CN=CertToolkitIntCA)
> And the intermediate CA cert (with CN=CertToolkitIntCA, and signed by CN=CertToolkitRootCA)
> truststore.pem has 1 certificate in it:
> A cert which is the root CA (with CN=CertToolkitRootCA, self-signed)
> This format of certificates works with Impala on Thrift but it doesn't work with KRPC.
> Workaround for this issue w/ KRPC turned on:
> If we move the second certificate from cert.pem (CN=CertToolkitIntCA) into truststore.pem, then this seems to work.
> Also TODO: Add a test case that has multiple intermediate CAs. Right now we're testing with only one intermediate CA.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)