Need help with Riak-KV (2.1.4) certificate based authentication using Java client

Luke Bakken lbakken at basho.com
Mon Aug 29 10:58:42 EDT 2016


Kyle -

What is the output of these commands?

riak-admin security print-users
riak-admin security print-sources

http://docs.basho.com/riak/kv/2.1.4/using/security/basics/#user-management

Please note that setting up certificate authentication *requires* that
you have set up SSL / TLS in Riak as well.

http://docs.basho.com/riak/kv/2.1.4/using/security/basics/#enabling-ssl

The SSL certificates used by Riak *must* have their "CN=" section
match the server's DNS-resolvable host name. This is an SSL/TLS
requirement, not specific to Riak. Then, when you connect via the Java
client, you must use the DNS name and not IP address. The client must
have the appropriate public key information to validate the server
cert as well (from Get a Cert).

--
Luke Bakken
Engineer
lbakken at basho.com

On Fri, Aug 26, 2016 at 3:34 PM, Nguyen, Kyle <kyle.nguyen at philips.com> wrote:
> Update – Handshake was successful after I opted out of the mutual authentication
> option, client no longer sends its certificate to riak. However, getting the
> following error after TLS is established:
>
> *** Finished
> verify_data:  { 149, 140, 49, 23, 238, 152, 45, 212, 158, 44, 189, 155 }
> ***
> %% Cached client session: [Session-12, TLS_RSA_WITH_AES_128_CBC_SHA256]
> nioEventLoopGroup-2-4, WRITE: TLSv1.2 Application Data, length = 21
> nioEventLoopGroup-2-4, called closeOutbound()
> …..
> Caused by: com.basho.riak.client.core.NoNodesAvailableException
>         at com.basho.riak.client.core.RiakCluster.retryOperation(RiakCluster.java:469)
>         at com.basho.riak.client.core.RiakCluster.access$1000(RiakCluster.java:48)
>         at com.basho.riak.client.core.RiakCluster$RetryTask.run(RiakCluster.java:554)
>         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>         at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
>         at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         ... 1 more
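
The hostname requirement described in the reply above, as an added example that is not part of the original thread or any Basho code: a simplified check of whether a server certificate vouches for the name a client connects to. It goes slightly beyond the CN case in the message by also handling subjectAltName entries; the certificate dictionaries use the shape returned by Python's ssl.SSLSocket.getpeercert(), and all host names and addresses are constructed.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches(cert, host):
    """Return (ok, reason): does the certificate vouch for the name being dialled?"""
    sans = cert.get("subjectAltName", ())
    if _is_ip(host):
        # An IP target can only match an IP SAN; the CN is a DNS name and never applies.
        ips = [v for k, v in sans if k == "IP Address"]
        ok = any(ipaddress.ip_address(v) == ipaddress.ip_address(host) for v in ips)
        return ok, "IP SAN matches" if ok else "no IP SAN for this address; connect by DNS name"
    dns = [v for k, v in sans if k == "DNS"]
    if dns:
        # When DNS SANs are present they take precedence and the CN is ignored.
        ok = any(_dns_match(d, host) for d in dns)
        return ok, "DNS SAN matches" if ok else "no DNS SAN matches"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    ok = any(_dns_match(c, host) for c in cns)
    return ok, "CN matches" if ok else "CN does not match"

# Constructed sample: a node certificate issued for CN=riak1.example.com only.
SAMPLE_CERT = {"subject": ((("commonName", "riak1.example.com"),),)}

if __name__ == "__main__":
    for target in ("riak1.example.com", "10.0.0.5", "riak2.example.com"):
        print(target, cert_matches(SAMPLE_CERT, target))
```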



