[jira] [Commented] (FLINK-22126) when i set ssl ,the jobmanager got certificate_unknown exception

[Robert Metzger (Jira)]

    [ 
https://issues.apache.org/jira/browse/FLINK-22126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17319964#comment-17319964
 ] 

Robert Metzger commented on FLINK-22126:
----------------------------------------

Mh, could this be the same issue? 
http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/Received-fatal-alert-certificate-unknown-td27851.html

> when i set ssl ,the jobmanager got certificate_unknown exception
> ----------------------------------------------------------------
>
>                 Key: FLINK-22126
>                 URL: https://issues.apache.org/jira/browse/FLINK-22126
>             Project: Flink
>          Issue Type: Bug
>          Components: Runtime / Coordination
>            Reporter: tonychan
>            Priority: Major
>         Attachments: image-2021-04-07-09-26-16-490.png, 
> image-2021-04-07-09-26-21-958.png
>
>
> !image-2021-04-07-09-26-21-958.png!
> my setup as below:
>  
> keytool -genkeypair -alias ca -keystore ca.keystore -dname "CN=ART002" 
> -storepass ca_keystore_password -keyalg RSA -keysize 4096 -ext "bc=ca:true" 
> -storetype PKCS12
> keytool -exportcert -keystore ca.keystore -alias ca -storepass 
> ca_keystore_password -file ca.cer
> keytool -importcert -keystore ca.truststore -alias ca -storepass 
> ca_truststore_password -file ca.cer -noprompt
>  
> keytool -genkeypair -alias flink.rest -keystore rest.signed.keystore -dname 
> "CN=ART002" -ext "SAN=dns:ART002" -storepass rest_keystore_password -keyalg 
> RSA -keysize 4096 -storetype PKCS12
> keytool -certreq -alias flink.rest -keystore rest.signed.keystore -storepass 
> rest_keystore_password -file rest.csr
> keytool -gencert -alias ca -keystore ca.keystore -storepass 
> ca_keystore_password -ext "SAN=dns:ART002,ip:*.*0.145.92" -infile rest.csr 
> -outfile rest.cer
> keytool -importcert -keystore rest.signed.keystore -storepass 
> rest_keystore_password -file ca.cer -alias ca -noprompt
> keytool -importcert -keystore rest.signed.keystore -storepass 
> rest_keystore_password -file rest.cer -alias flink.rest -noprompt
>  
>  
> security.ssl.rest.enabled: true
> security.ssl.rest.keystore: /data/flink/flink-1.11.2/ssl/rest.signed.keystore
> security.ssl.rest.truststore: /data/flink/flink-1.11.2/ssl/ca.truststore
> security.ssl.rest.keystore-password: rest_keystore_password
> security.ssl.rest.key-password: rest_keystore_password
> security.ssl.rest.truststore-password: ca_truststore_password
>  
>  
>  
>  
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)