[ https://issues.apache.org/jira/browse/YARN-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14525024#comment-14525024 ]
Hadoop QA commented on YARN-2554: --------------------------------- \\ \\ | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:red}-1{color} | patch | 0m 0s | The patch command could not apply the patch during dryrun. | \\ \\ || Subsystem || Report/Notes || | Patch URL | http://issues.apache.org/jira/secure/attachment/12670251/YARN-2554.3.patch | | Optional Tests | javadoc javac unit findbugs checkstyle | | git revision | trunk / f1a152c | | Console output | https://builds.apache.org/job/PreCommit-YARN-Build/7648/console | This message was automatically generated. > Slider AM Web UI is inaccessible if HTTPS/SSL is specified as the HTTP policy > ----------------------------------------------------------------------------- > > Key: YARN-2554 > URL: https://issues.apache.org/jira/browse/YARN-2554 > Project: Hadoop YARN > Issue Type: Bug > Components: webapp > Affects Versions: 2.6.0 > Reporter: Jonathan Maron > Attachments: YARN-2554.1.patch, YARN-2554.2.patch, YARN-2554.3.patch, > YARN-2554.3.patch > > > If the HTTP policy to enable HTTPS is specified, the RM and AM are > initialized with SSL listeners. The RM has a web app proxy servlet that acts > as a proxy for incoming AM requests. In order to forward the requests to the > AM the proxy servlet makes use of HttpClient. However, the HttpClient > utilized is not initialized correctly with the necessary certs to allow for > successful one way SSL invocations to the other nodes in the cluster (it is > not configured to access/load the client truststore specified in > ssl-client.xml). I imagine SSLFactory.createSSLSocketFactory() could be > utilized to create an instance that can be assigned to the HttpClient. > The symptoms of this issue are: > AM: Displays "unknown_certificate" exception > RM: Displays an exception such as "javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target" -- This message was sent by Atlassian JIRA (v6.3.4#6332)