User/Application Certificates Created in $JAVA_HOME/jre/lib/security/jssecacerts Have Dependencies on Mammoth Upgrades that Upgrade Java. (Doc ID 2253796.1)

Last updated on APRIL 18, 2017

Applies to:

Big Data Appliance Integrated Software - Version 4.5.0 and later
Linux x86-64

Symptoms

User/application generated certificates created in $JAVA_HOME/jre/lib/security/jssecacerts file have dependencies on Mammoth upgrades that upgrade Java.

When a TLS handshake takes place the client will check, in this order,

  1. It's truststore (if configured)
  2. $JAVA_HOME/jre/lib/security/jssecacerts
  3. $JAVA_HOME/jre/lib/security/cacerts

If $JAVA_HOME/jre/lib/security/jssecacerts is used for a TLS handshake, it will be lost after a Java upgrade.  This is true regardless of whether the Java upgrade is a result of a Mammoth upgrade (which upgrades Java) or Java upgrade for another reason.

For example, in the case of a BDA upgrade from V4.5 to V4.7 where Mammoth upgrades Java, after the BDA upgrade is complete it will not be possible to log into Cloudera Manager(CM) using LDAP if the $JAVA_HOME/jre/lib/security/jssecacerts was created by a user/application to be used by CM.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms