[
https://issues.apache.org/jira/browse/AMBARI-25413?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16974114#comment-16974114
]
Aashish Bathla commented on AMBARI-25413:
-----------------------------------------
https://github.com/apache/ambari/blob/97a6bc8b389fa5cfb73c87392af91e2d4d405ae3/ambari-server/src/main/python/ambari_server/serverConfiguration.py#L413-L415
> Ambari is changing the truststore permission from 444/644 to 640.
> -----------------------------------------------------------------
>
> Key: AMBARI-25413
> URL: https://issues.apache.org/jira/browse/AMBARI-25413
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.7.4
> Reporter: Aashish Bathla
> Priority: Major
>
> When running ambari-server setup-security and choosing '[1] Enable HTTPS for
> Ambari server.' we give the following information:
> Do you want to disable HTTPS [y/n] (n)? n
> SSL port [8080] ? 8080
> Enter path to Certificate: <Certificate File>
> Enter path to Private Key: <Key File>
> Please enter password for Private Key: <empty>
> Generating random password for HTTPS keystore...done.
> Importing and saving Certificate...done.
> Thereafter Unix permission of the systemwide Java truststore
> /var/lib/ca-certificates/java-cacerts are changed from mode 444 to 640.
> In consequence Applications do not start anymore because the truststore is
> not world readable. It's creating impact on applications which is run by
> other users.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
