Header Shadow Image

Cloudera: WrongHost: Peer certificate subjectAltName does not match host

Getting the following when configuring remote workers on Azure:

[17/May/2020 13:09:38 +0000] 3529 MainThread agent        ERROR    Heartbeating to failed.
Traceback (most recent call last):
  File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/agent.py", line 1387, in _send_heartbeat
  File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/https.py", line 139, in _init_
  File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/httpslib.py", line 69, in connect
    sock.connect((self.host, self.port))
  File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 313, in connect
    if not check(self.get_peer_cert(), self.addr[0]):
  File "/opt/cloudera/cm-agent/lib/python2.7/site-packages/M2Crypto/SSL/Checker.py", line 125, in _call_
WrongHost: Peer certificate subjectAltName does not match host, expected, got DNS:srv-c01.mws.mds.xyz, DNS:cm-r01nn01.mws.mds.xyz, DNS:cm-r01nn02.mws.mds.xyz

Because locally visible hostnames aren't externally, /etc/hosts modifications are necessary in this case to make the self signed certificates happy:

[root@cm-awn01 ~]# cat /etc/hosts   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6   cm-awn01.nix.mds.xyz cm-awn01        cm-awn01.nix.mds.xyz cm-awn01 srv-c01.mws.mds.xyz cm-r01nn01.mws.mds.xyz cm-r01nn02.mws.mds.xyz
[root@cm-awn01 ~]#

Ensure your Cloudera Agent Config matches:

[root@cm-awn01 ~]# cat /etc/cloudera-scm-agent/config.ini|grep server

Hackish but works.


Leave a Reply

You must be logged in to post a comment.

  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License