[ https://issues.apache.org/jira/browse/KUDU-2401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sailesh Mukil resolved KUDU-2401. --------------------------------- Resolution: Fixed Fix Version/s: 1.7.1 https://github.com/apache/kudu/commit/109fdc84e45523fdbd8b1ca29110965187b10323 > External TLS certificate with Intermediate CA in server cert file fails > ----------------------------------------------------------------------- > > Key: KUDU-2401 > URL: https://issues.apache.org/jira/browse/KUDU-2401 > Project: Kudu > Issue Type: Bug > Components: security > Reporter: Sailesh Mukil > Assignee: Sailesh Mukil > Priority: Major > Labels: security, tls > Fix For: 1.7.1 > > > This was found while using Impala w/ KRPC with external PKI. > Take 2 certificate files: cert.pem and truststore.pem > cert.pem has 2 certificates in it: > A cert for that node (with CN="hostname", and signed by CN=CertToolkitIntCA) > And the intermediate CA cert (with CN=CertToolkitIntCA, and signed by > CN=CertToolkitRootCA) > truststore.pem has 1 certificate in it: > A cert which is the root CA (with CN=CertToolkitRootCA, self-signed) > This format of certificates works with Impala on Thrift but it doesn't work > with KRPC. > Workaround for this issue w/ KRPC turned on: > If we move the second certificate from cert.pem (CN=CertToolkitIntCA) into > truststore.pem, then this seems to work. > Also TODO: Add a test case that has multiple intermediate CAs. Right now > we're testing with only one intermediate CA. -- This message was sent by Atlassian JIRA (v7.6.3#76005)