
How to Set the Path to the TrustStore and TrustStore Password for the "Java Configuration Options for Navigator Metadata Server" CM Property on the BDA (Doc ID 2105329.1)

Last updated on DECEMBER 24, 2019

Applies to:

Big Data Appliance Integrated Software - Version 4.1.0 and later
Linux x86-64


The goal of this note is to provide some details on how to set the path to the TrustStore and the TrustStore password in the "Java Configuration Options for Navigator Metadata Server" CM mgmt service property.

You might need this information if you encounter "unable to find valid certification path to requested target" when logging into the Navigator UI on a system with TLS and AD authentication enabled.

In this case, the workaround found in "Unable To Login into Cloudera Navigator Using Cloudera Manager Admin Credentials" (Doc ID 2032980.1) suggests appending the CM "Java Configuration Options for Navigator Metadata Server" with:

mgmt > Configuration > Navigator Metadata Server Default Group > Advanced > Search: Java Configuration Options for Navigator Metadata Server

But this is not possible without understanding how to set the TrustStore path and password. The Q/A in the Solution section addresses this so that you can log in to Navigator successfully.

Questions and Answers


In this Document
Questions and Answers
 What is <path_to_trust_store_file> and the TrustStore password file?
 On the BDA, should we copy $JAVA_HOME/jre/lib/security/cacerts to jssecacerts and use keytool to make additions to jssecacerts as needed?
 If there are concerns about creating jssecacerts from cacerts, can $JAVA_HOME/jre/lib/security/cacerts be used directly?
 Should jssecacerts be set up for use only by Navigator?
 If both jssecacerts and cacerts exist, jssecacerts is used exclusively. Could that be a problem?
 Because TLS is in use, the path /opt/cloudera/security/jks contains the keystore. Can that be used instead?
 The Cloudera documentation says to copy the root CA certificate and any intermediary or subordinate CA certificates to /opt/cloudera/security/CAcerts/, which is not on the BDA. What can we do?
