Hi Vinay, Apologies for the inactivity on this thread, I was occupied with some critical fixes for 1.3.1.
1. Can anyone please explain me how do you test if SSL is working correctly ? Currently I am just relying on the logs. AFAIK, if any of the SSL configuration settings are enabled (*.ssl.enabled) and your job is running fine, then everything should be functioning. 2. Wild Card is not working with the keytool command, can you please let me know what is the issue with the following command: The wildcard option only works for wildcarding subdomains. For example, SAN=*.domain.com On 9 June 2017 at 4:33:46 PM, vinay patil (vinay18.pa...@gmail.com) wrote: Hi Guys, Can anyone please provide me solution to my queries. On Jun 8, 2017 11:30 PM, "Vinay Patil" <[hidden email]> wrote: Hi Guys, I am able to setup SSL correctly, however the following command does not work correctly and results in the error I had mailed earlier flink run -m yarn-cluster -yt deploy-keys/ TestJob.jar Few Doubts: 1. Can anyone please explain me how do you test if SSL is working correctly ? Currently I am just relying on the logs. 2. Wild Card is not working with the keytool command, can you please let me know what is the issue with the following command: keytool -genkeypair -alias ca -keystore: -ext SAN=dns:node1.* Regards, Vinay Patil On Mon, Jun 5, 2017 at 8:43 PM, vinay patil [via Apache Flink User Mailing List archive.] <[hidden email]> wrote: Hi Gordon, The yarn session gets created when I try to run the following command: yarn-session.sh -n 4 -s 2 -jm 1024 -tm 3000 -d --ship deploy-keys/ However when I try to access the Job Manager UI, it gives me exception as : javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I am able to see the Job Manager UI when I imported the CA certificate to java truststore on EMR master node : keytool -keystore /etc/alternatives/jre/lib/security/cacerts -importcert -alias FLINKSSL -file ca.cer Does this mean that SSL is configured correctly ? I can see in the Job Manager configurations and also in th e logs. Is there any other way to verify ? Also the keystore and truststore password should be masked in the logs which is not case. 2017-06-05 14:51:31,135 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: security.ssl.enabled, true 2017-06-05 14:51:31,136 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: security.ssl.keystore, deploy-keys/ca.keystore 2017-06-05 14:51:31,136 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: security.ssl.keystore-password, password 2017-06-05 14:51:31,136 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: security.ssl.key-password, password 2017-06-05 14:51:31,136 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: security.ssl.truststore, deploy-keys/ca.truststore 2017-06-05 14:51:31,136 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: security.ssl.truststore-password, password Regards, Vinay Patil If you reply to this email, your message will be added to the discussion below: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/In-transit-Data-Encryption-in-EMR-tp13455p13490.html To start a new topic under Apache Flink User Mailing List archive., email [hidden email] To unsubscribe from Apache Flink User Mailing List archive., click here. NAML View this message in context: Re: In-transit Data Encryption in EMR Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.
