[
https://issues.apache.org/jira/browse/OOZIE-3625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rashmi updated OOZIE-3625:
--------------------------
Description:
{color:#222222}Hi,{color}
I'm trying to bring up oozie on a kerberized dataproc cluster. (Non HA mode)
The ssl certificate that I use has CN as *.Domain.
I get below error in oozie logs on start up.
2021-06-10 14:26:53,628 ERROR EmbeddedOozieServer:285 - SERVER[XXXXXl] Could
not start EmbeddedOozieServer! Error message: KeyStores with multiple
certificates are not supported on the base class
org.eclipse.jetty.util.ssl.SslContextFactory. (Use
org.eclipse.jetty.util.ssl.SslContextFactory$Server or
org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
2021-06-10 14:26:53,633 INFO EmbeddedOozieServer:240 - SERVER[XXXX] Shutting
down.
2021-06-10 14:26:53,644 INFO Services:520 - SERVER[XXXX] Shutdown.
The oozie EmbeddedOozieServer.java class uses SslContextfactory. Jetty server
needs SslContextfactory.Server for certificates which use wildcards in CN/SAN.
The certificate has only one entry. The error is because of use of wildcards.
Refer to attached Jetty and oozie sourceCode snippets.
Please help.
was:
{color:#222222}Hi,{color}
I'm trying to bring up oozie on a kerberized dataproc cluster. (Non HA mode)
The ssl certificate that I use has CN as *.Domain.
I get below error in oozie logs on start up.
2021-06-10 14:26:53,628 ERROR EmbeddedOozieServer:285 - SERVER[XXXXXl] Could
not start EmbeddedOozieServer! Error message: KeyStores with multiple
certificates are not supported on the base class
org.eclipse.jetty.util.ssl.SslContextFactory. (Use
org.eclipse.jetty.util.ssl.SslContextFactory$Server or
org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
2021-06-10 14:26:53,633 INFO EmbeddedOozieServer:240 - SERVER[XXXX] Shutting
down.
2021-06-10 14:26:53,644 INFO Services:520 - SERVER[XXXX] Shutdown.
The oozie EmbeddedOozieServer.java class uses SslContextfactory. Jetty server
needs SslContextfactory.Server for certificates which use wildcards in CN/SAN.
Please help.
> Unable to bring up oozie with certificate having wildcards in CN/SAN
> --------------------------------------------------------------------
>
> Key: OOZIE-3625
> URL: https://issues.apache.org/jira/browse/OOZIE-3625
> Project: Oozie
> Issue Type: Bug
> Components: core, ui
> Affects Versions: 5.2.1
> Environment: oozie 5.2.1
> hadoop 3
> openssl certificate with CN/SAN as *.\{DomainName}
> Reporter: Rashmi
> Priority: Major
> Attachments: oozie_error.png
>
>
> {color:#222222}Hi,{color}
>
> I'm trying to bring up oozie on a kerberized dataproc cluster. (Non HA mode)
> The ssl certificate that I use has CN as *.Domain.
>
> I get below error in oozie logs on start up.
>
> 2021-06-10 14:26:53,628 ERROR EmbeddedOozieServer:285 - SERVER[XXXXXl] Could
> not start EmbeddedOozieServer! Error message: KeyStores with multiple
> certificates are not supported on the base class
> org.eclipse.jetty.util.ssl.SslContextFactory. (Use
> org.eclipse.jetty.util.ssl.SslContextFactory$Server or
> org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
> 2021-06-10 14:26:53,633 INFO EmbeddedOozieServer:240 - SERVER[XXXX]
> Shutting down.
> 2021-06-10 14:26:53,644 INFO Services:520 - SERVER[XXXX] Shutdown.
>
> The oozie EmbeddedOozieServer.java class uses SslContextfactory. Jetty
> server needs SslContextfactory.Server for certificates which use wildcards in
> CN/SAN.
> The certificate has only one entry. The error is because of use of wildcards.
> Refer to attached Jetty and oozie sourceCode snippets.
> Please help.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
