My Oracle Support Banner

After BDA Expansion with self-signed Certificates BDR Jobs Fail with "sun.security.validator.ValidatorException: No trusted certificate found" (Doc ID 2737561.1)

Last updated on DECEMBER 16, 2020

Applies to:

Big Data Appliance Integrated Software - Version 4.13.0 and later
Linux x86-64

Symptoms

In the images, examples and document that follow, user details, cluster names, hostnames, directory paths, filenames, etc. represent a fictitious sample (and are used to provide an illustrative example only). Any similarity to actual persons, or entities, living or dead, is purely coincidental and not intended in any manner. 

 After BDA expansion with self-signed certificates BDR jobs fail with the symptoms below:

1. Post expansion BDR jobs, where the source is the cluster just expanded, start to fail with:

Peer Name Peer URL Status
Production https://<HOSTNAME3>.<DOMAIN>:7183 Unknown exception of type javax.ws.rs.client.ClientException while connecting to https://<HOSTANAME3>.<DOMAIN>:7183

2. On the source cluster, /var/log/cloudera-scm-server/cloudera-scm-server.log shows:

ERROR CommandPusher:com.cloudera.cmf.service.CmPeerTestCmdWork: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://<HOSTNAME3>.<DOMAIN>:7183/api/v1/tools/echo?message=<MESSAGE>: sun.security.validator.ValidatorException: No trusted certificate found
javax.ws.rs.client.ClientException: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://<HOSTNAME3>.<DOMAIN>:7183/api/v1/tools/echo?message=<MESSAGE>: sun.security.validator.ValidatorException: No trusted certificate found
...
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

3. Checking the affected host on the source cluster, shows that the truststore, /opt/cloudera/security/jks/<CLUSTER_NAME>.truststore,
does not contain a certificate entry for the target cluster.

a) For example checking as below indicates no certificate for the target cluster is present:

b) This certificate for the target cluster is present in the backup of the trustsore created prior to expansion.

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.