Details
Description
Hi,
I'm trying to bring up Oozie on a kerberized Dataproc cluster (non-HA mode).
The SSL certificate that I use has CN as *.Domain.
I get the error below in the Oozie logs on startup:
2021-06-10 14:26:53,628 ERROR EmbeddedOozieServer:285 - SERVER[XXXXXl] Could not start EmbeddedOozieServer! Error message: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
2021-06-10 14:26:53,633 INFO EmbeddedOozieServer:240 - SERVER[XXXX] Shutting down.
2021-06-10 14:26:53,644 INFO Services:520 - SERVER[XXXX] Shutdown.
The Oozie EmbeddedOozieServer.java class uses SslContextFactory. The Jetty server needs SslContextFactory.Server for certificates which use wildcards in CN/SAN.
The certificate has only one entry. The error is because of the use of wildcards. Refer to the attached Jetty and Oozie source code snippets.
Jetty source code : https://github.com/eclipse/jetty.project/blob/jetty-9.4.36.v20210114/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
Jetty version : jetty-9.4.36.v20210114
Please help.
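The change the error message asks for, as an added example (not code from the reporter, Oozie or Jetty): a minimal Jetty 9.4 HTTPS connector built on SslContextFactory.Server instead of the base SslContextFactory. The class name, the `example.*` system properties and the port value are assumptions made for illustration.

```java
import java.util.Objects;

import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

// Hypothetical stand-alone class; not Oozie's EmbeddedOozieServer.
public class WildcardCertConnectorExample {
    public static void main(String[] args) throws Exception {
        // Assumed inputs: keystore location and password come from system
        // properties so that no secret is hard-coded in the source.
        String keyStorePath = Objects.requireNonNull(
                System.getProperty("example.keystore.path"), "set -Dexample.keystore.path");
        String keyStorePass = Objects.requireNonNull(
                System.getProperty("example.keystore.pass"), "set -Dexample.keystore.pass");
        int httpsPort = Integer.getInteger("example.https.port", 11443); // assumed port

        // The server-side subclass named in the error message, used in place
        // of `new SslContextFactory()`.
        SslContextFactory.Server ssl = new SslContextFactory.Server();
        ssl.setKeyStorePath(keyStorePath);
        ssl.setKeyStorePassword(keyStorePass);
        ssl.setKeyManagerPassword(keyStorePass);

        // Mark requests arriving on this connector as secure (scheme, port).
        HttpConfiguration httpsConfig = new HttpConfiguration();
        httpsConfig.setSecureScheme("https");
        httpsConfig.setSecurePort(httpsPort);
        httpsConfig.addCustomizer(new SecureRequestCustomizer());

        Server server = new Server();
        ServerConnector connector = new ServerConnector(server,
                new SslConnectionFactory(ssl, HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(httpsConfig));
        connector.setPort(httpsPort);
        server.addConnector(connector);

        // With the base class, the failure quoted in the log above is raised
        // while the factory starts, which happens inside server.start().
        server.start();
        server.join();
    }
}
```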
Attachments
Issue Links
- duplicates
  - OOZIE-3599 Upgrade Jetty to 9.4.43.v20210629 (Resolved)
  - OOZIE-3632 Upgrade Jetty to 9.4 (Resolved)