You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by "Rashmi (Jira)" <ji...@apache.org> on 2021/06/10 14:53:00 UTC
[jira] [Updated] (OOZIE-3625) Unable to bring up oozie with
certificate having wildcards in CN/SAN
[ https://issues.apache.org/jira/browse/OOZIE-3625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rashmi updated OOZIE-3625:
--------------------------
Attachment: oozie_error.png
> Unable to bring up oozie with certificate having wildcards in CN/SAN
> --------------------------------------------------------------------
>
> Key: OOZIE-3625
> URL: https://issues.apache.org/jira/browse/OOZIE-3625
> Project: Oozie
> Issue Type: Bug
> Components: core, ui
> Affects Versions: 5.2.1
> Environment: oozie 5.2.1
> hadoop 3
> openssl certificate with CN as *.\{DomainName}
> Reporter: Rashmi
> Priority: Major
> Attachments: oozie_error.png
>
>
> {color:#222222}Hi,{color}
>
> I'm trying to bring up oozie on a kerberized dataproc cluster. (Non HA mode)
> The ssl certificate that I use has CN as *.Domain.
>
> I get below error in oozie logs on start up.
>
> 2021-06-10 14:26:53,628 ERROR EmbeddedOozieServer:285 - SERVER[XXXXXl] Could not start EmbeddedOozieServer! Error message: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
> 2021-06-10 14:26:53,633 INFO EmbeddedOozieServer:240 - SERVER[XXXX] Shutting down.
> 2021-06-10 14:26:53,644 INFO Services:520 - SERVER[XXXX] Shutdown.
>
> The oozie EmbeddedOozieServer.java class uses SslContextfactory. Jetty server needs SslContextfactory.Server for certificates which use wildcards in CN/SAN.
> Please help.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)