AnsweredAssumed Answered

Using custom certificates to secure cluster

Question asked by ligaroba on Feb 10, 2018
Latest reply on Mar 6, 2018 by keysbotzum

Hi Community Manager

 

We trying to secure cluster using custom signed certificates. We have added the certs to keystore in jks format then rerun the configure.sh script but CLDB fails with the error below 

 

 

2018-02-10 13:31:25,211 INFO Login [main-SendThread(10.204.5.25181)]: successfully logged in.
2018-02-10 13:31:25,213 INFO ActiveContainersMap [main]: Caching a max of 3071602 containers in cache
2018-02-10 13:31:25,214 INFO ZooKeeperSaslClient [main-SendThread(10.204.5.2:5181)]: Client will use MAPR-SECURITY as SASL mechanism.
2018-02-10 13:31:25,216 INFO ClientCnxn [main-SendThread(10.204.5.2:5181)]: Opening socket connection to server 10.204.5.2:5181. Will attempt to SASL-authenticate using Login Context section 'Client'
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:171)
at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:131)
at org.apache.hadoop.http.HttpServer.createSslFactory(HttpServer.java:313)
at org.apache.hadoop.http.HttpServer.createSslSocketConnector(HttpServer.java:295)
at com.mapr.fs.cldb.http.HttpServer.createHttpsListener(HttpServer.java:97)
at com.mapr.fs.cldb.http.HttpServer.<init>(HttpServer.java:57)
at com.mapr.fs.cldb.CLDBServer.initHttpServer(CLDBServer.java:1180)
at com.mapr.fs.cldb.CLDBServer.initCLDBServer(CLDBServer.java:1095)
at com.mapr.fs.cldb.CLDB.<init>(CLDB.java:86)
at com.mapr.fs.cldb.CLDB.main(CLDB.java:390)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
... 14 more

Outcomes