[ https://issues.apache.org/jira/browse/KUDU-2401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adar Dembo updated KUDU-2401: ----------------------------- Affects Version/s: 1.7.0 > External TLS certificate with Intermediate CA in server cert file fails > ----------------------------------------------------------------------- > > Key: KUDU-2401 > URL: https://issues.apache.org/jira/browse/KUDU-2401 > Project: Kudu > Issue Type: Bug > Components: security > Affects Versions: 1.7.0 > Reporter: Sailesh Mukil > Assignee: Sailesh Mukil > Priority: Major > Labels: security, tls > Fix For: 1.8.0 > > > This was found while using Impala w/ KRPC with external PKI. > Take 2 certificate files: cert.pem and truststore.pem > cert.pem has 2 certificates in it: > A cert for that node (with CN="hostname", and signed by CN=CertToolkitIntCA) > And the intermediate CA cert (with CN=CertToolkitIntCA, and signed by > CN=CertToolkitRootCA) > truststore.pem has 1 certificate in it: > A cert which is the root CA (with CN=CertToolkitRootCA, self-signed) > This format of certificates works with Impala on Thrift but it doesn't work > with KRPC. > Workaround for this issue w/ KRPC turned on: > If we move the second certificate from cert.pem (CN=CertToolkitIntCA) into > truststore.pem, then this seems to work. > Also TODO: Add a test case that has multiple intermediate CAs. Right now > we're testing with only one intermediate CA. -- This message was sent by Atlassian JIRA (v7.6.3#76005)