Dear Wiki user, You have subscribed to a wiki page or wiki category on "Hadoop Wiki" for change notification.
The "SSLException" page has been changed by bibinchundatt: https://wiki.apache.org/hadoop/SSLException?action=diff&rev1=3&rev2=4 = SSLException = - Indicates some kind of error detected by an SSL subsystem.<<BR>> + Indicates some kind of error detected by an SSL subsystem.<<BR>>In most of the cases it is misconfiguration where keystores didn't contain the correct certificates, the certificate chain was incomplete or the client didn't supply a valid certificate.<<BR>> In case of hadoop the SSL configuration are mainly done in core-site.xml ,ssl-server.xml and ssl-client.xml * ssl-server.xml @@ -19, +19 @@ Each keystore file contains the private key for each certificate, the single truststore file contains all the keys of all certificates. The keystore file is used by the Hadoop HttpServer while the truststore file is used by the client HTTPS connections. - '''SSLHandshakeException''' - - Indicates that the client and server could not negotiate the desired level of security - - *The certificate specified in Server and client mismatch is happening or certificate not available in JKS. - *Recheck the truststore password is correct or not. - *Check SSL truststore location the file is available. - Use the below command to verify in truststore the certificate is available.<<BR>> {{{keytool -list -v -keystore $ALL_JKS -storepass $CLIENT_TRUSTSTORE_PASSWORD}}} - '''SSLKeyException''' - Reports a bad SSL key. + Probable causes for SSLException + *The certificate specified in Server and client mismatch is happening or certificate not available in file. + *Truststore password specified is wrong in xml files. + *In SSL truststore location the file is available. - *Indicates misconfiguration of the server or client SSL certificate and private key. + *Misconfiguration of the server or client SSL certificate and private key. - *Check the hostname in certification is matching with actual server hostname + *Check the hostname in certification is matching with actual server hostname. *Common Name Mismatch or Host name in the URL you’re using for communication not matches one of the common names in the SSL certificate. - - - '''SSLPeerUnverifiedException''' - - Indicates that the peer's identity has not been verified. - *Expired Certificate can be a cause for SSLPeerUnverifiedException *The particular cipher suite being used does not support authentication - *No peer authentication was established during SSL handshaking - '''SSLProtocolException''' - - Reports an error in the operation of the SSL protocol. Normally this indicates a flaw in one of the protocol implementations. -