Dear Wiki user, You have subscribed to a wiki page or wiki category on "Hadoop Wiki" for change notification.
The "SSLException" page has been changed by bibinchundatt: https://wiki.apache.org/hadoop/SSLException?action=diff&rev1=1&rev2=2 - = SSLException =; + = SSLException = + Indicates some kind of error detected by an SSL subsystem.<<BR>> + In case of hadoop the SSL configuration are mainly done in core-site.xml ,ssl-server.xml and ssl-client.xml + + * ssl-server.xml + * ssl.server.truststore.location + * ssl.server.truststore.password + * ssl.server.keystore.location + * ssl.server.keystore.keypassword + * ssl-client.xml + * ssl.client.truststore.location + * ssl.client.truststore.password + * ssl.client.keystore.location + * ssl.client.keystore.keypassword + + Each keystore file contains the private key for each certificate, the single truststore file contains all the keys of all certificates. + The keystore file is used by the Hadoop HttpServer while the truststore file is used by the client HTTPS connections. + + '''SSLHandshakeException''' + + Indicates that the client and server could not negotiate the desired level of security + + *The certificate specified in Server and client mismatch is happening or certificate not available in JKS. + *Recheck the truststore password and is correct or not. + *Check SSL truststore location the file is not available. + + Use the below command to verify in truststore the certificate is available.<<BR>> + {{{keytool -list -v -keystore $ALL_JKS -storepass $CLIENT_TRUSTSTORE_PASSWORD}}} + + '''SSLKeyException''' + + Reports a bad SSL key. + + *Indicates misconfiguration of the server or client SSL certificate and private key. + *Check the hostname in certification is matching with actual server hostname + *Common Name Mismatch or Host name in the URL you’re using for communication not matches one of the common names in the SSL certificate. + + + '''SSLPeerUnverifiedException''' + + Indicates that the peer's identity has not been verified. + + *Expired Certificate can be a cause for SSLPeerUnverifiedException + *The particular cipher suite being used does not support authentication + *No peer authentication was established during SSL handshaking + + '''SSLProtocolException''' + + Reports an error in the operation of the SSL protocol. Normally this indicates a flaw in one of the protocol implementations. +
