Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
PROBLEM: When setting up https for Ambari-server, ambari ask for the path to
certificate and private key. It actually ask for the file name or the folder
name. But ambari will not validate the path and give misleading error message.
STEPS TO REPRODUCE:
1\. generate self-signed certificate in /root/cert/
2\. Run ambari-server setup-security
3.
Do you want to configure HTTPS
[y/n](https://hortonworks.jira.com/wiki/display/BUG/y%2Fn)
? y
SSL port [8443](https://hortonworks.jira.com/wiki/display/BUG/8443) ?
Enter path to Certificate: /root/cert
Enter path to Private Key: /root/cert
ACTUAL BEHAVIOR: Ambari allow the user to go thru the next step and give out
misleading error:
INFO: about to run command: openssl x509 -dates -subject -in /root/cert/
Error getting Certificate info
unable to load certificate
140323342726984:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
WARNING: Unable to get Certificate information
Generating random password for HTTPS keystore...done.
INFO: about to run command: openssl rsa -in /root/cert -des3 -out
/root/cert.secured -passout
pass:xzRullsqlxDu7uQQwx1igE5LrXsIOBFPnSKpUuGxK1qtaovqNA
ERROR: Could not import Certificate and Private Key.
SSL error on exporting keystore: unable to load Private Key
140535709996872:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:703:Expecting: ANY PRIVATE KEY.
Please ensure that provided Private Key password is correct and re-import
Certificate.
EXPECTED BEHAVIOR: Since the error message comes from openssl, It will be good
that ambari can validate the path name before it launch the openssl command,
asking the customer to provide the correct path name, which should be
/root/cert/klss20.test.com.crt