Sailesh Mukil created IMPALA-6806: ------------------------------------- Summary: TLS certificate with Intermediate CA in server cert file fails with KRPC Key: IMPALA-6806 URL: https://issues.apache.org/jira/browse/IMPALA-6806 Project: IMPALA Issue Type: Bug Components: Security Affects Versions: Impala 2.12.0 Reporter: Sailesh Mukil Assignee: Sailesh Mukil
Take 2 certificate files: cert.pem and truststore.pem cert.pem has 2 certificates in it: A cert for that node (with CN="hostname", and signed by CN=CertToolkitIntCA) And the intermediate CA cert (with CN=CertToolkitIntCA, and signed by CN=CertToolkitRootCA) truststore.pem has 1 certificate in it: A cert which is the root CA (with CN=CertToolkitRootCA, self-signed) This format of certificates don't seem to verify on the OpenSSL command line but works with Thrift. This also doesn't work with KRPC. Workaround for this issue w/ KRPC turned on: If we move the second certificate from cert.pem (CN=CertToolkitIntCA) into truststore.pem, then this seems to work. We'll need to dig into whether this is a PEM file format issue, or a KRPC issue. But the above workaround should unblock us for now. -- This message was sent by Atlassian JIRA (v7.6.3#76005)