错误：Peer's certificate issuer has been marked as not trusted by the user

Ambari开启了ssl，根据日志，访问如下两个网址报错：

https://c2bde03:50470/jmx

https://c2bde03:50470/jmx?get=Hadoop:service=NameNode,name=FSNamesystem::tag.HAState

但通过如下操作可以正常访问：

curl https://c2bde03:50470/jmx --cacert /etc/security/ca-cert

此种情况多发生在自签名的证书，报错含义是签发证书机构未经认证，无法识别。

解决办法是将签发该证书的私有CA公钥cacert.pem文件内容（本人生成的是ca-cert），追加到 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

解决办法（将证书追加）：

cd  /etc/pki/ca-trust/extracted/pem/

cp tls-ca-bundle.pem tls-ca-bundle.pem.bak （先备份）

cat /etc/security/ca-cert >> tls-ca-bundle.pem

 curl https://c2bde03:50470/jmx（访问正常）

另外注意个人创建CA的DN为：/C=cn/ST=changsha/L=hunan/O=chinacreator/OU=chinacreator/CN=AmbariCA

节点提供的DN：/C=cn/ST=changsha/L=hunan/O=chinacreator/OU=chinacreator/CN=c2bde02，

即CA DN 与certificate DN一定要不一样，否则会报：PEER'S CERTIFICATE HAS AN INVALID SIGNATURE.错误