RE: Handshake error configuring Knox repository geteway URL in Ranger admin

Thu, 21 May 2015 12:13:29 -0700 

Hi Team,

We are experiencing the below issue in enabling the knox repository in Ranger 
admin. Please advise us on how to resolve it.

Connection Failed.
Exception on REST call to KnoxUrl : 
https://<hostname>:8888/gateway/admin/api/v1/topologies<https://%3chostname%3e:8888/gateway/admin/api/v1/topologies>.
 You can still save the repository and start creating policies, but you would 
not be able to use autocomplete for resource names. Check xa_portal.log for 
more info.

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 
No subject alternative names present.
java.security.cert.CertificateException: No subject alternative names present.
No subject alternative names present.

Full Trace:

ERROR com.xasecure.biz.AssetMgr (AssetMgr.java:1682) - Unable to connect 
repository with given config for cisco_knoxdev
com.xasecure.hadoop.client.exceptions.HadoopException: Exception on REST call 
to KnoxUrl : https://hostname:8888/gateway/admin/api/v1/topologies.
        at 
com.xasecure.knox.client.KnoxClient.getTopologyList(KnoxClient.java:138)
        at com.xasecure.knox.client.KnoxClient$2.call(KnoxClient.java:360)
        at com.xasecure.knox.client.KnoxClient$2.call(KnoxClient.java:357)
        at com.xasecure.knox.client.KnoxClient.timedTask(KnoxClient.java:384)
        at 
com.xasecure.knox.client.KnoxClient.getKnoxResources(KnoxClient.java:365)
        at 
com.xasecure.knox.client.KnoxClient.testConnection(KnoxClient.java:278)
        at com.xasecure.biz.AssetMgr.testConfig(AssetMgr.java:1657)
        at com.xasecure.rest.AssetREST.testConfig(AssetREST.java:163)
        at 
com.xasecure.rest.AssetREST$$FastClassByCGLIB$$90363ab.invoke(<generated>)
        at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
        at 
org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:689)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at 
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
        at 
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at 
org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:622)
        at 
com.xasecure.rest.AssetREST$$EnhancerByCGLIB$$d1881638.testConfig(<generated>)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
                                        at 
com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:168)
        at 
com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:70)
        at 
com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:279)
        at 
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:136)
        at 
com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:86)
        at 
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:136)
        at 
com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:74)
        at 
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1357)
        at 
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1289)
        at 
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1239)
        at 
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1229)
        at 
com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:420)
        at 
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:497)
        at 
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:684)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at 
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at 
com.xasecure.security.web.filter.XASecurityContextFormationFilter.doFilter(XASecurityContextFormationFilter.java:134)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
        at 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
        at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at 
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
        at 
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
        at 
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at 
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at 
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
        at 
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
        at 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at 
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: com.sun.jersey.api.client.ClientHandlerException: 
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 
No subject alternative names present
        at 
com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:131)
        at 
com.sun.jersey.api.client.filter.HTTPBasicAuthFilter.handle(HTTPBasicAuthFilter.java:81)
        at com.sun.jersey.api.client.Client.handle(Client.java:616)
        at com.sun.jersey.api.client.WebResource.handle(WebResource.java:559)
        at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:72)
        at 
com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:454)
        at 
com.xasecure.knox.client.KnoxClient.getTopologyList(KnoxClient.java:86)
        ... 84 more
Caused by: javax.net.ssl.SSLHandshakeException: 
java.security.cert.CertificateException: No subject alternative names present
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
        at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
        at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
        at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
        at 
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
        at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)
        at 
java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
        at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
        at 
com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:218)
        at 
com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:129)
        ... 90 more
Caused by: java.security.cert.CertificateException: No subject alternative 
names present
        at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:142)
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:91)
        at 
sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)
        at 
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203)
        at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
        at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
        ... 104 more



Thanks & Regards,
Prabu
  • RE: Handshak... Prabu Soundar Rajan -X (prabsoun - MINDTREE LIMITED at Cisco)

Reply via email to