Re: In-transit Data Encryption in EMR
Posted by Vinay Patil on
URL: http://deprecated-apache-flink-user-mailing-list-archive.369.s1.nabble.com/In-transit-Data-Encryption-in-EMR-tp13455p13490.html
Hi Gordon,
The yarn session gets created when I try to run the following command:
yarn-session.sh -n 4 -s 2 -jm 1024 -tm 3000 -d --ship deploy-keys/
However when I try to access the Job Manager UI, it gives me exception as :
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I am able to see the Job Manager UI when I imported the CA certificate to java truststore on EMR master node :
keytool -keystore /etc/alternatives/jre/lib/security/cacerts -importcert -alias FLINKSSL -file ca.cer
Does this mean that SSL is configured correctly ? I can see in the Job Manager configurations and also in th e logs. Is there any other way to verify ?
Also the keystore and truststore password should be masked in the logs which is not case.
2017-06-05 14:51:31,135 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: security.ssl.enabled, true
2017-06-05 14:51:31,136 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: security.ssl.keystore, deploy-keys/ca.keystore
2017-06-05 14:51:31,136 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: security.ssl.keystore-password, password
2017-06-05 14:51:31,136 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: security.ssl.key-password, password
2017-06-05 14:51:31,136 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: security.ssl.truststore, deploy-keys/ca.truststore
2017-06-05 14:51:31,136 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: security.ssl.truststore-password, password
Regards,
Vinay Patil