Hi Guys, Can anyone please provide me solution to my queries.
On Jun 8, 2017 11:30 PM, "Vinay Patil" <vinay18.pa...@gmail.com> wrote: > Hi Guys, > > I am able to setup SSL correctly, however the following command does not > work correctly and results in the error I had mailed earlier > > flink run -m yarn-cluster -yt deploy-keys/ TestJob.jar > > > Few Doubts: > 1. Can anyone please explain me how do you test if SSL is working > correctly ? Currently I am just relying on the logs. > > 2. Wild Card is not working with the keytool command, can you please let > me know what is the issue with the following command: > keytool -genkeypair -alias ca -keystore: -ext SAN=dns:node1.* > > > Regards, > Vinay Patil > > On Mon, Jun 5, 2017 at 8:43 PM, vinay patil [via Apache Flink User Mailing > List archive.] <ml+s2336050n13490...@n4.nabble.com> wrote: > >> Hi Gordon, >> >> The yarn session gets created when I try to run the following command: >> yarn-session.sh -n 4 -s 2 -jm 1024 -tm 3000 -d --ship deploy-keys/ >> >> However when I try to access the Job Manager UI, it gives me exception as >> : >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: >> PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: >> unable to find valid certification path to requested target >> >> I am able to see the Job Manager UI when I imported the CA certificate >> to java truststore on EMR master node : >> keytool -keystore /etc/alternatives/jre/lib/security/cacerts -importcert >> -alias FLINKSSL -file ca.cer >> >> >> Does this mean that SSL is configured correctly ? I can see in the Job >> Manager configurations and also in th e logs. Is there any other way to >> verify ? >> >> Also the keystore and truststore password should be masked in the logs >> which is not case. >> >> >> >> >> >> >> *2017-06-05 14:51:31,135 INFO >> org.apache.flink.configuration.GlobalConfiguration - Loading >> configuration property: security.ssl.enabled, true 2017-06-05 14:51:31,136 >> INFO org.apache.flink.configuration.GlobalConfiguration - >> Loading configuration property: security.ssl.keystore, >> deploy-keys/ca.keystore 2017-06-05 14:51:31,136 INFO >> org.apache.flink.configuration.GlobalConfiguration - Loading >> configuration property: security.ssl.keystore-password, password 2017-06-05 >> 14:51:31,136 INFO org.apache.flink.configuration.GlobalConfiguration >> - Loading configuration property: security.ssl.key-password, password >> 2017-06-05 14:51:31,136 INFO >> org.apache.flink.configuration.GlobalConfiguration - Loading >> configuration property: security.ssl.truststore, deploy-keys/ca.truststore >> 2017-06-05 14:51:31,136 INFO >> org.apache.flink.configuration.GlobalConfiguration - Loading >> configuration property: security.ssl.truststore-password, password* >> >> >> Regards, >> Vinay Patil >> >> >> ------------------------------ >> If you reply to this email, your message will be added to the discussion >> below: >> http://apache-flink-user-mailing-list-archive.2336050.n4. >> nabble.com/In-transit-Data-Encryption-in-EMR-tp13455p13490.html >> To start a new topic under Apache Flink User Mailing List archive., email >> ml+s2336050n1...@n4.nabble.com >> To unsubscribe from Apache Flink User Mailing List archive., click here >> <http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=1&code=dmluYXkxOC5wYXRpbEBnbWFpbC5jb218MXwxODExMDE2NjAx> >> . >> NAML >> <http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> >> > > -- View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/In-transit-Data-Encryption-in-EMR-tp13455p13609.html Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.