1

Error while creating file in Azure Datalake -- java.security.cert.CertificateException

asked 2018-07-16 11:22:56 -0500

bob999c

updated 2018-07-16 13:13:10 -0500

metadaddy

I am getting the below exception while creating a file in Azure Datalake.

==============================================================
2018-07-16 08:00:08,777 HadoopPipeline/HadoopPipeline222aa313-3f96-4444-92f8-d0ec09c8c3e2   ERROR   Failed to connect to Azure Data Lake Store: 'Error getting info for file /dltmhadoop/testdata/4a584d96-8189-462d-a9cf-057a84e79719  DataLakeTarget  *admin  0   ProductionPipelineRunnable-HadoopPipeline222aa313-3f96-4444-92f8-d0ec09c8c3e2-HadoopPipeline
Operation GETFILESTATUS failed with exception javax.net.ssl.SSLHandshakeException : java.security.cert.CertificateException: No subject alternative DNS name matching tmhdhadoop.eastus2.cloudapp.azure.com found.
Last encountered exception thrown after 5 tries. [javax.net.ssl.SSLHandshakeException,javax.net.ssl.SSLHandshakeException,javax.net.ssl.SSLHandshakeException,javax.net.ssl.SSLHandshakeException,javax.net.ssl.SSLHandshakeException]
 [ServerRequestId:null]'
com.microsoft.azure.datalake.store.ADLException: Error getting info for file /dltmhadoop/testdata/4a584d96-8189-462d-a9cf-057a84e79719
Operation GETFILESTATUS failed with exception javax.net.ssl.SSLHandshakeException : java.security.cert.CertificateException: No subject alternative DNS name matching tmhdhadoop.eastus2.cloudapp.azure.com found.
Last encountered exception thrown after 5 tries. [javax.net.ssl.SSLHandshakeException,javax.net.ssl.SSLHandshakeException,javax.net.ssl.SSLHandshakeException,javax.net.ssl.SSLHandshakeException,javax.net.ssl.SSLHandshakeException]
 [ServerRequestId:null]
    at com.microsoft.azure.datalake.store.ADLStoreClient.getExceptionFromResponse(ADLStoreClient.java:1122)
    at com.microsoft.azure.datalake.store.ADLStoreClient.getDirectoryEntry(ADLStoreClient.java:700)
    at com.microsoft.azure.datalake.store.ADLStoreClient.getDirectoryEntry(ADLStoreClient.java:682)
    at com.microsoft.azure.datalake.store.ADLStoreClient.checkExists(ADLStoreClient.java:768)
    at com.streamsets.pipeline.stage.destination.datalake.DataLakeTarget.validatePermission(DataLakeTarget.java:372)
    at com.streamsets.pipeline.stage.destination.datalake.DataLakeTarget.init(DataLakeTarget.java:174)
    at com.streamsets.pipeline.api.base.BaseStage.init(BaseStage.java:48)
    at com.streamsets.pipeline.api.base.configurablestage.DStage.init(DStage.java:36)
    at com.streamsets.datacollector.runner.StageRuntime.lambda$init$0(StageRuntime.java:177)
    at com.streamsets.datacollector.util.LambdaUtil.withClassLoaderInternal(LambdaUtil.java:148)
    at com.streamsets.datacollector.util.LambdaUtil.withClassLoader(LambdaUtil.java:44)
    at com.streamsets.datacollector.runner.StageRuntime.init(StageRuntime.java:175)
    at com.streamsets.datacollector.runner.StagePipe.init(StagePipe.java:99)
    at com.streamsets.datacollector.runner.StagePipe.init(StagePipe.java:47)
    at com.streamsets.datacollector.runner.Pipeline.initPipe(Pipeline.java:386)
    at com.streamsets.datacollector.runner.Pipeline.lambda$init$0(Pipeline.java:376)
    at com.streamsets.datacollector.runner.PipeRunner.forEach(PipeRunner.java:166)
    at com.streamsets.datacollector.runner.Pipeline.init(Pipeline.java:374)
    at com.streamsets.datacollector.execution.runner.common.ProductionPipeline.run(ProductionPipeline.java:96)
    at com.streamsets.datacollector.execution.runner.common.ProductionPipelineRunnable.run(ProductionPipelineRunnable.java:74)
    at com.streamsets.datacollector.execution.runner.standalone.StandaloneRunner.start(StandaloneRunner.java:756)
    at com.streamsets.datacollector.execution.AbstractRunner.lambda$scheduleForRetries$0(AbstractRunner.java:180)
    at com.streamsets.pipeline.lib.executor.SafeScheduledExecutorService$SafeCallable.lambda$call$0(SafeScheduledExecutorService.java:226)
    at com.streamsets.datacollector.security.GroupsInScope.execute(GroupsInScope.java:33)
    at com.streamsets.pipeline.lib.executor.SafeScheduledExecutorService$SafeCallable.call(SafeScheduledExecutorService.java:222)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
    at com.streamsets.datacollector.metrics.MetricSafeScheduledExecutorService$MetricsTask.run(MetricSafeScheduledExecutorService.java:100)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java ...

1 Answer

0

answered 2018-07-16 11:41:14 -0500

metadaddy

updated 2018-07-16 17:14:23 -0500

Looking at the SSL handshake with curl shows the same error, with a hint as to why:

$ curl -v https://tmhdhadoop.eastus2.cloudapp.azure.com/
*   Trying 52.179.197.197...
* TCP_NODELAY set
* Connected to tmhdhadoop.eastus2.cloudapp.azure.com (52.179.197.197) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=*.azurehdinsight.net
*  start date: Nov 28 21:51:20 2017 GMT
*  expire date: Nov 28 21:51:20 2019 GMT
*  subjectAltName does not match tmhdhadoop.eastus2.cloudapp.azure.com
* SSL: no alternative certificate subject name matches target host name 'tmhdhadoop.eastus2.cloudapp.azure.com'
* stopped the pause stream!
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'tmhdhadoop.eastus2.cloudapp.azure.com'

So you're trying to contact tmhdhadoop.eastus2.cloudapp.azure.com, but the SSL certificate has the subject *.azurehdinsight.net - the Azure client library is quite correctly throwing an error. The subject gives us a clue as to how to resolve the problem - use a hostname in the azurehdinsight.net domain. After a few tries...

$ host tmhdhadoop.azurehdinsight.net
tmhdhadoop.azurehdinsight.net is an alias for tmhdhadoop.eastus2.cloudapp.azure.com.
tmhdhadoop.eastus2.cloudapp.azure.com has address 52.179.197.197

Sure enough, trying curl with tmhdhadoop.azurehdinsight.net shows that the SSL connection is good:

$ curl -v https://tmhdhadoop.azurehdinsight.net/
*   Trying 52.179.197.197...
* TCP_NODELAY set
* Connected to tmhdhadoop.azurehdinsight.net (52.179.197.197) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384
* ALPN, server did not agree to a protocol
* Server certificate ...
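
Why the first hostname fails verification and its alias succeeds, as an added example that is not part of the original answer: a minimal left-most-label wildcard matcher run against the two hostnames from this thread. The certificate dict is constructed sample data in the shape of Python's `ssl.SSLSocket.getpeercert()` and assumes the SAN carries the same wildcard as the subject curl printed; the function names are hypothetical.

```python
# Added example: hostname check against a certificate's DNS names
# (simplified RFC 6125 rules; not the Azure client library's own code).

def dns_names(cert):
    """Names a client must match: SAN dNSName entries, else the subject CN."""
    sans = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when any dNSName is present, the CN is ignored
    return [v for rdn in cert.get("subject", ())
            for (k, v) in rdn if k == "commonName"]


def name_matches(pattern, hostname):
    """Match one certificate name against one hostname.

    '*' is honoured only as the whole left-most label and stands for exactly
    one label, so '*.example.net' never covers 'a.b.example.net'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Simplification: refuse wildcards directly under a top-level label.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def verifiable_names(cert, candidates):
    """Return the candidate hostnames this certificate is valid for."""
    names = dns_names(cert)
    return [c for c in candidates if any(name_matches(n, c) for n in names)]


# Constructed sample: subject from the curl output above, SAN assumed equal.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.azurehdinsight.net"),),),
    "subjectAltName": (("DNS", "*.azurehdinsight.net"),),
}
# Both names resolve to the same address; only one is covered by the cert.
CANDIDATES = [
    "tmhdhadoop.eastus2.cloudapp.azure.com",
    "tmhdhadoop.azurehdinsight.net",
]

if __name__ == "__main__":
    good = verifiable_names(SAMPLE_CERT, CANDIDATES)
    for host in CANDIDATES:
        print(f"{host}: {'OK' if host in good else 'no matching SAN'}")
```

The client verifies the name it was configured with, not whatever that name resolves to, which is why the CNAME target fails even though both names reach the same server.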