You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@knox.apache.org by Rajesh Chandramohan <ra...@yahoo.com> on 2016/09/02 16:51:02 UTC
Knox configured to access webhdfs exposed via SSL
Hi Knox-users,
We have a use case as our secured cluster planning to block http url for webhdfs and only exposing https url as : https://cluster-mud-nn-2.ambari.com:50070/webhdfs/v1/?op=LISTSTATUS In that case while we access webhdfs via knox its throwing exception for SSL invalid certificate path.
So do we need to import namenodes ssl signed certificate(.cer files) to knox host ../security/cacerts file right ? Or what we should do to make knox work to access https: webhdfs link.
topology/ambari.xml========== <service> <role>NAMENODE</role> <url>hdfs:/cluster-mud-nn.ambari.com:8020</url> </service>
<service> <role>WEBHDFS</role> <url>https://cluster-mud-nn.ambari.com:50070/webhdfs</url> <url>https://cluster-mud-nn-2.ambari.com:50070/webhdfs</url> </service>-----------
==============SSL error====2016-08-31 00:26:46,285 WARN hadoop.gateway (DefaultDispatch.java:executeOutboundRequest(132)) - Connection exception dispatching request: https://cluster-mud-nn-2.ambari.com:50070/webhdfs/v1/?op=LISTSTATUS&doAs=appmon javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetjavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) Thanks\Rajesh