Copy Data from HDFS to Vertica Fail. Error: SSL certificate problem.

sahil_kumar

When you get an error like below when copying data from HDFS to Vertica:
user=> COPY test FROM 'hdfs:/hnr02n01-d.hpeit.hpecorp.net/user/a.dat';
ERROR 7757: COPY: could not read from file [hdfs://hnr02n01-d.hpeit.hpecorpnet/user/a.dat];
OS Error: Success
Error Details: SSL certificate problem: self signed certificate

a)Please make sure you have all the certificates imported into the truststore file (all.jks for multi-node cluster).
Use keytool to list all the certficates in the all.jks store:

`$ keytool -list -keystore /etc/security/clientKeys/all.jks -storepass vertica`
    E.g, o/p:
    Keystore type: JKS
    Keystore provider: SUN
    Your keystore contains 3 entries
    qastress-centos68-06.verticacorp.com, Oct 9, 2018, trustedCertEntry,
    Certificate fingerprint (SHA1): D5:BC:70:13:20:17:98:B6:56:5C:87:7D:E8:EA:7B:7C:4C:50:94:A1
    qastress-centos68-05.verticacorp.com, Oct 9, 2018, trustedCertEntry,
    Certificate fingerprint (SHA1): AE:48:1B:92:A4:2F:9A:72:30:94:A3:81:D8:15:39:82:AB:93:EB:F2
    qastress-centos68-03.verticacorp.com, Oct 9, 2018, trustedCertEntry,
    Certificate fingerprint (SHA1): DC:8B:17:05:BB:21:52:AF:7A:FF:6D:4C:15:DB:2B:04:65:B6:1B:E9

b. The client truststore should contain the public keys for every single node in the cluster. If some nodes are missing,
you will need to add them on ALL nodes. The method to do is to generate the truststore (use /etc/security/clientKeys/all.jks)
on node1, copy it to node2, import the key from node2, copy to node3, import key from node3, etc.
(Note: the truststore location is set via ssl.client.truststore.location; default is /etc/security/clientKeys/all.jks)
Sample Command-
keytool -keystore truststore.jks -alias clusterCA -keyalg RSA -keysize 2048 -import -noprompt -file ca.cert -storepass vertica

c. Restart HDFS and try to copy from HDFS again.