
connect to secure cluster from unsecure cluster

Question asked by karthik474 on Jan 9, 2018
Latest reply on Jan 9, 2018 by maprcommunity

Hi Team,

 

I have configured the below to connect to a secure cluster from an unsecure MapR cluster:

 

  • Copy the /opt/mapr/conf/ssl_truststore from the secure cluster to one node on the unsecure cluster under /var/tmp.
  • On the unsecure cluster node, merge the trust stores of both clusters as below:
    • /opt/mapr/server/manageSSLKeys.sh merge /var/tmp/ssl_truststore /opt/mapr/conf/ssl_truststore
  • After merging, copy the new /opt/mapr/conf/ssl_truststore to all nodes in the unsecure cluster.

The same works fine when I do it on a client node that is not part of the cluster, but it doesn't work on a cluster node.

 

When I run 'maprlogin password' as below,

 

maprlogin password -cluster secure_cluster
[Password for user 'user1' at cluster 'secure_cluster': ]
Unable to connect to any of the cluster's CLDBs. CLDBs tried: cldb1:7443, cldb2:7443, cldb3:7443. Please check your cluster configuration.

 

I am getting the below error:

 

2018-01-09 10:39:11,758 WARN com.mapr.login.client.MapRLoginHttpsClient [main]: Unable to open connection to cldb at https://<cldbnode>:7443/login/password
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at com.mapr.login.client.MapRLoginHttpsClient.getCLDBConnection(MapRLoginHttpsClient.java:994)
at com.mapr.login.client.MapRLoginHttpsClient.authenticateWithMapRCluster(MapRLoginHttpsClient.java:720)
at com.mapr.login.client.MapRLoginHttpsClient.getMapRCredentialsViaPassword(MapRLoginHttpsClient.java:307)
at com.mapr.login.MapRLogin.execute(MapRLogin.java:583)
at com.mapr.login.MapRLogin.main(MapRLogin.java:649)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
... 15 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 21 more

 

Appreciate any help here.

 

Also, I was not able to find any documentation on 'connectivity from unsecure to secured'; please point me to the page if there is one.

 

All I found was 'connectivity from secure to secured': Running Commands on Remote Secure Clusters (which I have applied above).

 

Thanks,

karthik
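
Added example (not part of the original post, and not MapR's code): a shell check to run on a node after the merge and copy steps described in the question, confirming that every certificate in the secure cluster's truststore copy is present in that node's /opt/mapr/conf/ssl_truststore. It compares fingerprints from `keytool -list` listings; the function names, the listing file names, the STOREPASS placeholder and the sample fingerprints are constructed for this example.

```shell
#!/bin/sh
# Produce both listings with the same keytool, so both use one digest algorithm:
#   keytool -list -keystore /var/tmp/ssl_truststore -storepass "$STOREPASS" > secure.txt
#   keytool -list -keystore /opt/mapr/conf/ssl_truststore -storepass "$STOREPASS" > node.txt
# STOREPASS is a placeholder for the truststore password (not given on this page).

# Print the fingerprints found in `keytool -list` output on stdin, one per line.
# Matches "Certificate fingerprint (SHA1): ..." and the "(SHA-256)" form.
list_fingerprints() {
    sed -n 's/^Certificate fingerprint ([^)]*): *\([0-9A-Fa-f:]*\).*$/\1/p' |
        tr 'abcdef' 'ABCDEF' | sort -u
}

# missing_certs SRC_LISTING DST_LISTING
# Prints each fingerprint in SRC that DST lacks. Returns 0 if none are missing,
# 1 if some are, 2 if SRC has no fingerprints (an empty or failed listing).
missing_certs() {
    src_fps=$(list_fingerprints < "$1")
    dst_fps=$(list_fingerprints < "$2")
    if [ -z "$src_fps" ]; then
        echo "no certificate fingerprints in $1" >&2
        return 2
    fi
    rc=0
    for fp in $src_fps; do
        if ! printf '%s\n' "$dst_fps" | grep -qxF "$fp"; then
            printf '%s\n' "$fp"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample listings (aliases and fingerprints are made up).
sample_secure() {
    cat <<'EOF'
secure_cluster, Jan 9, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): AA:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
EOF
}
sample_node_unmerged() {
    cat <<'EOF'
unsecure_cluster, Jan 2, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): BB:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13
EOF
}
```

A non-zero return on any node means that node's truststore does not contain the secure cluster's certificate, which is the condition the `PKIX path building failed` exception reports.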
