Follow

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

Issue:

When attempting to register Ambari Agents during initial cluster creation, or if hosts fail to appear as online in Ambari following an update, you may see the following error in Ambari's UI, or in the ambari-agent logs:

  • [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

Cause:

This is due to a defect in newer releases of Python 2.7.5 (build 58 or greater) which causes certificate validation to fail regardless of certificate status. This is outlined further in the following link:

  • https://community.hortonworks.com/questions/120861/ambari-agent-ssl-certificate-verify-failed-certifi.html

Resolution Steps:

NOTE: We strongly recommend that Python is NOT updated to a version newer than python-2.7.5-48.el*.x86_64. If it is newer, downgrade if possible.

  1. To verify the version of python that is currently installed, SSH to all nodes in the Interset Cluster as a user with sudo permissions, and please execute the following command:
    • sudo yum list installed |grep python.x86_64
  2. The output from the command above will be similar to the following:
    • audit-libs-python.x86_64 2.7.6-3.el7 installed
    • dbus-python.x86_64 1.1.1-9.el7 installed
    • libselinux-python.x86_64 2.5-11.el7 installed
    • libsemanage-python.x86_64 2.5-8.el7 installed
    • libxml2-python.x86_64 2.9.1-6.el7_2.3 installed
    • newt-python.x86_64 0.52.15-4.el7 installed
    • policycoreutils-python.x86_64 2.5-17.1.el7 installed
    • python.x86_64 2.7.5-58.el7 installed
    • rpm-python.x86_64 4.11.3-25.el7 installed
  3. Look for the following line:
    • python.x86_64 2.7.5-XX.elY
      • NOTE:
        • XX denotes the build version of Python 2.7.5. If build 58 or greater, please continue with the steps below. If build 57 or less, there are no changes required. 
        • Y denotes the Linux version
  4. If the Python version listed is 2.7.5-58 or greater, please execute the following command to disable Python certificate validation:
    • sudo sed -i 's/^verify.*/verify=disable/' /etc/python/cert-verification.cfg

Applies To

  • Interset 5.4.x or higher
  • Python 2.7.5-58 or higher

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments