Hi all,

I have an S3 instance I am trying to connect to, that uses self-signed certificates. When querying, I get an "SSLPeerUnverifiedException" (log provided below).

After doing some reading I found: "Your client's truststore doesn't trust your server's certificate. You need to get it exported from the server's keystore and imported into your client's truststore."

So I got the certificate chain - root CA and intermediate certificates bundled file (Certificate has been issued against wildcard entry *.s3instance.ourhostname.com so it should be applied for bucketname.s3instance.ourhostname.com - as the s3a client library expects to communicate).

Then, followed the steps here: https://drill.apache.org/docs/configuring-ssl-tls-for-encryption/#configuring-ssl/tls and updated the drill-override.conf which now looks like:

    drill.exec: {
      cluster-id: "drillbits1",
      zk.connect: "zookeeper-service:2181",
      ssl: {
        trustStorePath: "/certif/our_s3instance_cacert_file.crt"
      }
    }

I still keep getting SSLPeerUnverifiedException. Am I missing something here? Or am I referring to an incorrect section of the documentation? Please advise.

Thank you,
Kind regards,
Vedant

*Error log (omitting seemingly unnecessary lines):*

    [Error Id: 9b9a5de3-7252-443c-9305-9b0b0b3de271 on 3c6cf6857ad2:31010]
    org.apache.drill.common.exceptions.UserException: SYSTEM ERROR: SSLPeerUnverifiedException: peer not authenticated

    [Error Id: 9b9a5de3-7252-443c-9305-9b0b0b3de271 on 3c6cf6857ad2:31010]
        at org.apache.drill.common.exceptions.UserException$Builder.build(UserException.java:633) ~[drill-common-1.14.0.jar:1.14.0]
        at org.apache.drill.exec.work.foreman.Foreman$ForemanResult.close(Foreman.java:761) [drill-java-exec-1.14.0.jar:1.14.0]
        ...
    Caused by: org.apache.drill.exec.work.foreman.ForemanException: *Unexpected exception during fragment initialization: Unable to execute HTTP request: peer not authenticated*
        at org.apache.drill.exec.work.foreman.Foreman.run(Foreman.java:294) [drill-java-exec-1.14.0.jar:1.14.0]
        ... 3 common frames omitted
    Caused by: com.amazonaws.AmazonClientException: *Unable to execute HTTP request: peer not authenticated*
        at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:454) ~[aws-java-sdk-1.7.4.jar:na]
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:232) ~[aws-java-sdk-1.7.4.jar:na]
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3528) ~[aws-java-sdk-1.7.4.jar:na]
        at com.amazonaws.services.s3.AmazonS3Client.headBucket(AmazonS3Client.java:1031) ~[aws-java-sdk-1.7.4.jar:na]
        at com.amazonaws.services.s3.AmazonS3Client.doesBucketExist(AmazonS3Client.java:994) ~[aws-java-sdk-1.7.4.jar:na]
        at org.apache.hadoop.fs.s3a.S3AFileSystem.initialize(S3AFileSystem.java:297) ~[hadoop-aws-2.7.1.jar:na]
        at org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:2653) ~[hadoop-common-2.7.1.jar:na]
        ...
        at org.apache.drill.exec.work.foreman.Foreman.runSQL(Foreman.java:567) [drill-java-exec-1.14.0.jar:1.14.0]
        at org.apache.drill.exec.work.foreman.Foreman.run(Foreman.java:266) [drill-java-exec-1.14.0.jar:1.14.0]
        ... 3 common frames omitted
    Caused by: *javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated*
        at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:440) ~[na:1.8.0_181]
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) ~[httpclient-4.2.5.jar:4.2.5]
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:437) ~[httpclient-4.2.5.jar:4.2.5]
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) ~[httpclient-4.2.5.jar:4.2.5]
        at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) ~[httpclient-4.2.5.jar:4.2.5]
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643) ~[httpclient-4.2.5.jar:4.2.5]
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) ~[httpclient-4.2.5.jar:4.2.5]
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) ~[httpclient-4.2.5.jar:4.2.5]
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) ~[httpclient-4.2.5.jar:4.2.5]
        at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:384) ~[aws-java-sdk-1.7.4.jar:na]
        ... 36 common frames omitted
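
The check implied by the quoted truststore advice, as an added example that is not part of the original post and is not Drill or Hadoop code: a standalone Java program (the class name `TrustCheck` and its arguments are assumptions) that loads a PEM CA bundle into an in-memory truststore and attempts a TLS handshake with hostname verification against the endpoint, independent of any Drill or S3A configuration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical diagnostic. Usage: java TrustCheck <ca-bundle.pem> <host> [port]
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        String bundle = args[0], host = args[1];
        int port = args.length > 2 ? Integer.parseInt(args[2]) : 443;

        // Load every certificate in the PEM bundle into an empty in-memory truststore,
        // so only the supplied CAs (not the JVM's default cacerts) are trusted.
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null);
        int n = 0;
        try (InputStream in = new FileInputStream(bundle)) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                ts.setCertificateEntry("ca-" + n++, c);
                System.out.println("trusted: " + ((X509Certificate) c).getSubjectX500Principal());
            }
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // verify the hostname as well as the chain
            s.setSSLParameters(p);
            s.startHandshake(); // throws SSLHandshakeException if the chain or the name check fails
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("OK: " + leaf.getSubjectX500Principal()
                    + " SANs=" + leaf.getSubjectAlternativeNames());
        }
    }
}
```

Run against the bucket-style hostname, for example `java TrustCheck /certif/our_s3instance_cacert_file.crt bucketname.s3instance.ourhostname.com`; a handshake exception here points at the bundle or the certificate's names rather than at the Drill configuration.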