SSLException

Indicates some kind of error detected by an SSL subsystem.
In most cases the cause is misconfiguration: the keystores did not contain the correct certificates, the certificate chain was incomplete, or the client did not supply a valid certificate.

In Hadoop, SSL is configured mainly in core-site.xml, ssl-server.xml and ssl-client.xml.

  • ssl-server.xml
      • ssl.server.truststore.location
      • ssl.server.truststore.password
      • ssl.server.keystore.location
      • ssl.server.keystore.keypassword
  • ssl-client.xml
      • ssl.client.truststore.location
      • ssl.client.truststore.password
      • ssl.client.keystore.location
      • ssl.client.keystore.keypassword

Each keystore file contains the private key for each certificate; the single truststore file contains all the keys of all certificates. The keystore file is used by the Hadoop HttpServer, while the truststore file is used by the client HTTPS connections.

Use the command below to verify that the certificate is available in the truststore.

keytool -list -v -keystore "$ALL_JKS" -storepass "$CLIENT_TRUSTSTORE_PASSWORD"

Probable causes for SSLException

  • The certificates specified on the server and the client do not match.
  • The certificate is not present in the JKS file specified.
  • The truststore password specified in the XML files is wrong.
  • The file is not present at the configured SSL truststore location.
  • Misconfiguration of the server or client SSL certificate and private key.
  • The hostname in the certificate does not match the actual server hostname.
  • Common name mismatch: the hostname in the URL you’re using for communication does not match one of the common names in the SSL certificate.
  • An expired certificate can be a cause of SSLPeerUnverifiedException.
  • The particular cipher suite being used does not support authentication.
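
A pre-flight check for the configuration-side causes listed above (a property missing from the XML file, or a keystore/truststore file that is absent or not a JKS store). This is an added example, not part of the original page or of Hadoop. It assumes the usual Hadoop configuration/property/name/value XML layout and JKS-format stores; the function names and the sample files built in demo() are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Property names as listed on this page for ssl-server.xml.
SERVER_PROPS = ["ssl.server." + p for p in (
    "truststore.location", "truststore.password",
    "keystore.location", "keystore.keypassword")]
JKS_MAGIC = bytes.fromhex("feedfeed")  # first four bytes of a JKS-format store

def load_props(xml_text):
    """Parse Hadoop <configuration><property> XML into a name -> value dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def check_ssl_config(xml_text, required=SERVER_PROPS):
    """Return findings (never password values); an empty list means none found."""
    props = load_props(xml_text)
    findings = []
    for name in required:
        value = props.get(name, "")
        if not value:
            findings.append(f"{name}: missing or empty")
        elif name.endswith(".location") and not os.path.isfile(value):
            findings.append(f"{name}: file not found")
        elif name.endswith(".location"):
            with open(value, "rb") as fh:
                if fh.read(4) != JKS_MAGIC:
                    findings.append(f"{name}: not a JKS file")
    return findings

def demo():
    """Constructed sample: truststore present, keystore path wrong, key password unset."""
    with tempfile.TemporaryDirectory() as tmp:
        trust = os.path.join(tmp, "all.jks")
        with open(trust, "wb") as fh:
            fh.write(JKS_MAGIC + b"\x00" * 8)  # stub header only, not a real store
        xml = f"""<configuration>
  <property><name>ssl.server.truststore.location</name><value>{trust}</value></property>
  <property><name>ssl.server.truststore.password</name><value>constructed-value</value></property>
  <property><name>ssl.server.keystore.location</name><value>{tmp}/missing.jks</value></property>
</configuration>"""
        return check_ssl_config(xml)

if __name__ == "__main__":
    print("\n".join(demo()) or "no problems found")
```

Wrong passwords, missing or expired certificates and hostname mismatches are not covered by this check; those still need the keytool listing shown earlier.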
