Rashmi created OOZIE-3625:
-----------------------------
Summary: Unable to bring up oozie with certificate having
wildcards in CN/SAN
Key: OOZIE-3625
URL: https://issues.apache.org/jira/browse/OOZIE-3625
Project: Oozie
Issue Type: Bug
Components: core, ui
Affects Versions: 5.2.1
Environment: oozie 5.2.1
hadoop 3
openssl certificate with CN as *.\{DomainName}
Reporter: Rashmi
{color:#222222}Hi,{color}
I'm trying to bring up oozie on a kerberized dataproc cluster. (Non HA mode)
The ssl certificate that I use has CN as *.Domain.
I get below error in oozie logs on start up.
2021-06-10 14:26:53,628 ERROR EmbeddedOozieServer:285 - SERVER[XXXXXl] Could
not start EmbeddedOozieServer! Error message: KeyStores with multiple
certificates are not supported on the base class
org.eclipse.jetty.util.ssl.SslContextFactory. (Use
org.eclipse.jetty.util.ssl.SslContextFactory$Server or
org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
2021-06-10 14:26:53,633 INFO EmbeddedOozieServer:240 - SERVER[XXXX] Shutting
down.
2021-06-10 14:26:53,644 INFO Services:520 - SERVER[XXXX] Shutdown.
The oozie EmbeddedOozieServer.java class uses SslContextfactory. Jetty server
needs SslContextfactory.Server for certificates which use wildcards in CN/SAN.
Please help.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
