[jira] [Created] (AMBARI-5610) Usability: When setting up HTTPS for ambari-server, ambari didn't validate the path name and generate misleading error message

Tue, 29 Apr 2014 04:42:15 -0700 

Andrew Onischuk created AMBARI-5610:
---------------------------------------

             Summary: Usability: When setting up HTTPS for ambari-server, 
ambari didn't validate the path name and generate misleading error message
                 Key: AMBARI-5610
                 URL: https://issues.apache.org/jira/browse/AMBARI-5610
             Project: Ambari
          Issue Type: Bug
            Reporter: Andrew Onischuk
            Assignee: Andrew Onischuk
             Fix For: 1.6.1


PROBLEM: When setting up https for Ambari-server, ambari ask for the path to
certificate and private key. It actually ask for the file name or the folder
name. But ambari will not validate the path and give misleading error message.

STEPS TO REPRODUCE:  
1\. generate self-signed certificate in /root/cert/  
2\. Run ambari-server setup-security  
3.  
Do you want to configure HTTPS
[y/n](https://hortonworks.jira.com/wiki/display/BUG/y%2Fn)
![](https://hortonworks.jira.com/images/icons/emoticons/thumbs_up.gif)? y  
SSL port [8443](https://hortonworks.jira.com/wiki/display/BUG/8443) ?  
Enter path to Certificate: /root/cert  
Enter path to Private Key: /root/cert

ACTUAL BEHAVIOR: Ambari allow the user to go thru the next step and give out
misleading error:  
INFO: about to run command: openssl x509 -dates -subject -in /root/cert/  
Error getting Certificate info  
unable to load certificate  
140323342726984:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE

WARNING: Unable to get Certificate information  
Generating random password for HTTPS keystore...done.  
INFO: about to run command: openssl rsa -in /root/cert -des3 -out
/root/cert.secured -passout
pass:xzRullsqlxDu7uQQwx1igE5LrXsIOBFPnSKpUuGxK1qtaovqNA  
ERROR: Could not import Certificate and Private Key.  
SSL error on exporting keystore: unable to load Private Key  
140535709996872:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:703:Expecting: ANY PRIVATE KEY.  
Please ensure that provided Private Key password is correct and re-import
Certificate.

EXPECTED BEHAVIOR: Since the error message comes from openssl, It will be good
that ambari can validate the path name before it launch the openssl command,
asking the customer to provide the correct path name, which should be
/root/cert/klss20.test.com.crt





--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to