[
https://issues.apache.org/jira/browse/YARN-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16157777#comment-16157777
]
ASF GitHub Bot commented on YARN-2554:
--------------------------------------
Github user asfgit closed the pull request at:
https://github.com/apache/hadoop/pull/270
> Slider AM Web UI is inaccessible if HTTPS/SSL is specified as the HTTP policy
> -----------------------------------------------------------------------------
>
> Key: YARN-2554
> URL: https://issues.apache.org/jira/browse/YARN-2554
> Project: Hadoop YARN
> Issue Type: Bug
> Components: webapp
> Affects Versions: 2.6.0
> Reporter: Jonathan Maron
> Labels: BB2015-05-TBR
> Attachments: YARN-2554.1.patch, YARN-2554.2.patch, YARN-2554.3.patch,
> YARN-2554.3.patch
>
>
> If the HTTP policy to enable HTTPS is specified, the RM and AM are
> initialized with SSL listeners. The RM has a web app proxy servlet that acts
> as a proxy for incoming AM requests. In order to forward the requests to the
> AM the proxy servlet makes use of HttpClient. However, the HttpClient
> utilized is not initialized correctly with the necessary certs to allow for
> successful one way SSL invocations to the other nodes in the cluster (it is
> not configured to access/load the client truststore specified in
> ssl-client.xml). I imagine SSLFactory.createSSLSocketFactory() could be
> utilized to create an instance that can be assigned to the HttpClient.
> The symptoms of this issue are:
> AM: Displays "unknown_certificate" exception
> RM: Displays an exception such as "javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target"
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
