Okay, but the truststore is not empty. Moreover, do we need to have SSL enabled 
in Ranger for the Knox-Ranger plugin?

Thanks
Dhruv

> On 25-Jul-2018, at 10:09 PM, larry mccay <lmc...@apache.org> wrote:
> 
> This generally means that your configured truststore cannot be opened or is 
> empty, and is a plain vanilla SSL-related issue, not related to Knox or Ranger 
> specifically.
> 
> 
> On Wed, Jul 25, 2018 at 8:17 AM, Dhruv Goyal <777.dh...@gmail.com> wrote:
> Hello,
> 
> We are trying to enable the ranger-knox plugin to provide authorisation from 
> Ranger. I had a few queries:
> 
> Do we need to have SSL enabled in Ranger to be integrated with Knox?
> 
> What are the steps which will be required, what all keystore/truststore we 
> will need to create, is there any brief documentation for the same?
> 
> We are planning to follow this document: 
> https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/ch04s20s02s04s01.html
> Is this the right doc to proceed?
> 
> We have followed these commands:
> cd /usr/hdp/2.6.5.0-292/knox/data/security/keystores
> 
> keytool -exportcert -alias gateway-identity -keystore gateway.jks -file ../knox.crt
> pass- "Enter Key"
> 
> cd ../
> 
> cp /usr/java/latest/jre/lib/security/cacerts cacerts.withknox
> 
> keytool -import -trustcacerts -file knox.crt -alias knox -keystore cacerts.withknox
> Pass- changeit
> 
> keytool -import -trustcacerts -file knox.crt -alias knox -keystore cacerts.withknox
> 
> But we are getting these errors when we are making the repo and clicking on 
> test connection:
> 
> org.apache.ranger.plugin.client.HadoopException: Exception on REST call to 
> KnoxUrl : https://192.168.134.119:8443/gateway/admin/api/v1/topologies.. 
> Exception on REST call to KnoxUrl : 
> https://192.168.1.1:8443/gateway/admin/api/v1/topologies.. 
> javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: 
> java.security.InvalidAlgorithmParameterException: the trustAnchors parameter 
> must be non-empty. 
> java.lang.RuntimeException: Unexpected error: 
> java.security.InvalidAlgorithmParameterException: the trustAnchors parameter 
> must be non-empty. 
> Unexpected error: java.security.InvalidAlgorithmParameterException: the 
> trustAnchors parameter must be non-empty. 
> the trustAnchors parameter must be non-empty.
> 
> 
> Thanks
> Dhruv
> 

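An added example, not part of the thread and not Knox or Ranger code: a small Java check for the two causes named in the reply above, a truststore that cannot be opened or one that holds no trusted certificates. The class name and command-line arguments are assumptions; run it as the same OS user as the process making the REST call, against the truststore file that process is configured to use.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;

// Added diagnostic (hypothetical class, not from Knox or Ranger): reports how
// many trust anchors the JVM can actually obtain from a truststore file.
public class TrustAnchorCheck {

    // Loads the store. A missing or unreadable file becomes an empty store,
    // which is assumed here to mirror what JSSE does when the configured
    // truststore path cannot be opened.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        Path p = Paths.get(path);
        if (!Files.isReadable(p)) {
            System.out.println("cannot read " + p.toAbsolutePath() + " as user "
                    + System.getProperty("user.name") + "; treating as empty");
            ks.load(null, null);
            return ks;
        }
        try (InputStream in = Files.newInputStream(p)) {
            ks.load(in, password); // a wrong password fails here with IOException
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java TrustAnchorCheck <truststore path> <password>
        KeyStore ks = load(args[0], args[1].toCharArray());
        System.out.println("entries in store: " + ks.size());
        try {
            // PKIX parameters are built from the trusted-certificate entries only.
            PKIXParameters params = new PKIXParameters(ks);
            for (TrustAnchor ta : params.getTrustAnchors()) {
                X509Certificate c = ta.getTrustedCert();
                System.out.println("anchor: " + c.getSubjectX500Principal().getName());
            }
        } catch (InvalidAlgorithmParameterException e) {
            // Raised when the store yields no trusted-certificate entries.
            System.out.println("no trust anchors: " + e.getMessage());
        }
    }
}
```

If the file lists anchors here but the error persists, the process is most likely reading a different truststore path than the one checked.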