This generally means that your configured truststore cannot be opened or is empty and is plain vanilla SSL related issue not related to Knox or Ranger specifically.
On Wed, Jul 25, 2018 at 8:17 AM, Dhruv Goyal <[email protected]> wrote: > Hello, > > We are trying to enable ranger-knox plugin to provide authorisation from > Ranger. I had few queries: > > Do we need to have SSL enabled in Ranger to be integrated with Knox? > > What are the steps which will be required, what all keystore/truststore we > will need to create, is there any brief documentation for the same? > > We are planning to follow this document: https://docs. > hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/ > content/ch04s20s02s04s01.html > Is this the right doc to proceed? > > We have followed these commands: > cd /usr/hdp/2.6.5.0-292/knox/data/security/keystores > > keytool -exportcert -alias gateway-identity -keystore gateway.jks -file > ../knox.crt > pass- "Enter Key" > > cd ../ > > cp /usr/java/latest/jre/lib/security/cacerts cacerts.withknox > > keytool -import -trustcacerts -file knox.crt -alias knox -keystore > cacerts.withknox > Pass- changeit > > keytool -import -trustcacerts -file knox.crt -alias knox -keystore > cacerts.withknox > > But we are getting these errors when we are making the repo and clicking > on test connection: > > org.apache.ranger.plugin.client.HadoopException: Exception on REST call > to KnoxUrl : https://192.168.134.119:8443/gateway/admin/api/v1/topologies > .. > Exception on REST call to KnoxUrl : https://192.168.1.1:8443/ > gateway/admin/api/v1/topologies.. > javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: > java.security.InvalidAlgorithmParameterException: the trustAnchors > parameter must be non-empty. > java.lang.RuntimeException: Unexpected error: java.security. > InvalidAlgorithmParameterException: the trustAnchors parameter must be > non-empty. > Unexpected error: java.security.InvalidAlgorithmParameterException: the > trustAnchors parameter must be non-empty. > the trustAnchors parameter must be non-empty. > > > Thanks > Dhruv >
