Sailesh Mukil created KUDU-2401:
-----------------------------------
Summary: External TLS certificate with Intermediate CA in server
cert file fails
Key: KUDU-2401
URL: https://issues.apache.org/jira/browse/KUDU-2401
Project: Kudu
Issue Type: Bug
Components: security
Reporter: Sailesh Mukil
Assignee: Sailesh Mukil
This was found while using Impala w/ KRPC with external PKI.
Take 2 certificate files: cert.pem and truststore.pem
cert.pem has 2 certificates in it:
A cert for that node (with CN="hostname", and signed by CN=CertToolkitIntCA)
And the intermediate CA cert (with CN=CertToolkitIntCA, and signed by
CN=CertToolkitRootCA)
truststore.pem has 1 certificate in it:
A cert which is the root CA (with CN=CertToolkitRootCA, self-signed)
This format of certificates works with Impala on Thrift but it doesn't work
with KRPC.
Workaround for this issue w/ KRPC turned on:
If we move the second certificate from cert.pem (CN=CertToolkitIntCA) into
truststore.pem, then this seems to work.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
