[
https://issues.apache.org/jira/browse/OOZIE-3625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andras Salamon resolved OOZIE-3625.
-----------------------------------
Resolution: Duplicate
> Unable to bring up oozie with certificate having wildcards in CN/SAN
> --------------------------------------------------------------------
>
> Key: OOZIE-3625
> URL: https://issues.apache.org/jira/browse/OOZIE-3625
> Project: Oozie
> Issue Type: Bug
> Components: core, ui
> Affects Versions: 5.2.1
> Environment: oozie 5.2.1
> hadoop 3
> openssl certificate with CN/SAN as *.{DomainName}
> Reporter: Rashmi
> Priority: Major
> Attachments: jetty_code.png, oozie_error.png
>
>
> Hi,
>
> I'm trying to bring up Oozie on a kerberized Dataproc cluster (non-HA mode).
> The SSL certificate that I use has CN as *.Domain.
>
> I get the below error in the Oozie logs on startup.
>
> 2021-06-10 14:26:53,628 ERROR EmbeddedOozieServer:285 - SERVER[XXXXXl] Could
> not start EmbeddedOozieServer! Error message: KeyStores with multiple
> certificates are not supported on the base class
> org.eclipse.jetty.util.ssl.SslContextFactory. (Use
> org.eclipse.jetty.util.ssl.SslContextFactory$Server or
> org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
> 2021-06-10 14:26:53,633 INFO EmbeddedOozieServer:240 - SERVER[XXXX]
> Shutting down.
> 2021-06-10 14:26:53,644 INFO Services:520 - SERVER[XXXX] Shutdown.
>
> The Oozie EmbeddedOozieServer.java class uses SslContextFactory. Jetty
> server needs SslContextFactory.Server for certificates which use wildcards in
> CN/SAN.
> The certificate has only one entry. The error is because of the use of wildcards.
> Refer to the attached Jetty and Oozie source code snippets.
>
> Jetty source code :
> [https://github.com/eclipse/jetty.project/blob/jetty-9.4.36.v20210114/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java]
> Jetty version : jetty-9.4.36.v20210114
> Please help.
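A JDK-only check for the situation the report describes (a keystore with one key entry whose CN/SAN is a wildcard), given here as an added example that is not Oozie or Jetty code. The class name and the `KEYSTORE_PASSWORD` environment variable are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Lists keystore key entries and flags wildcard CN/SAN host names (added example). */
public class KeystoreWildcardCheck {
    /** Returns the subject CN plus every dNSName SAN (GeneralName type 2). */
    static List<String> hostNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        LdapName subject = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : subject.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) names.add(rdn.getValue().toString());
        }
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null if no SAN
        if (sans != null) {
            for (List<?> san : sans) {
                if (Integer.valueOf(2).equals(san.get(0))) names.add(san.get(1).toString());
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        // args[0] = keystore path, args[1] = optional type (e.g. PKCS12).
        // KEYSTORE_PASSWORD is an assumed variable name, not an Oozie setting.
        String pw = System.getenv("KEYSTORE_PASSWORD");
        if (pw == null || args.length < 1) {
            throw new IllegalArgumentException("usage: KEYSTORE_PASSWORD=... java KeystoreWildcardCheck <keystore> [type]");
        }
        KeyStore ks = KeyStore.getInstance(args.length > 1 ? args[1] : KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw.toCharArray());
        }
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!ks.isKeyEntry(alias) || !(cert instanceof X509Certificate)) continue;
            keyEntries++;
            for (String name : hostNames((X509Certificate) cert)) {
                System.out.printf("%s: %s%s%n", alias, name, name.startsWith("*.") ? "  <-- wildcard" : "");
            }
        }
        System.out.println("key entries: " + keyEntries);
    }
}
```

A result of `key entries: 1` together with a flagged `*.` name matches the condition described in the report, where the error appears even though the keystore holds a single certificate.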