Hue Load Balancer does not start after enabling TLS

The Hue Load Balancer reads the private key file that is defined in the Hue Load Balancer TLS/SSL Server Private Key File (PEM Format) configuration property to start. Since the private key files are usually encrypted, the Hue Load Balancer must be configured to use the corresponding key password, without which it cannot start.

If you have enabled TLS for the Hue service on your cluster, and if the private key file is password protected (encrypted), then you may see the following error in the Hue Load Balancer log file (/var/log/hue-httpd/error_log):
AH02312: Fatal error initialising mod_ssl, exiting.
The following message is also logged in the /var/run/cloudera-scm-agent/process/[***XXX-HUE_LOAD_BALANCER/logs/stdout.log file:
CLOUDERA_HTTPD_USE_SSL=true
Apache/2.4.6 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server example.test.com:443 (RSA)
Enter pass phrase:

To resolve this issue:

  1. Create a password file in your chosen security directory and insert the private key password as shown in the following example:
    echo "abc123" > /etc/security/password.txt
    Where abc123 is the private key password and password.txt is the password file.
  2. Set the file ownership and permissions as shown in the following example:
    chown hue:hue password.txt
    chmod 700 password.txt
  3. Enter the path to the file containing the passphrase used to encrypt the private key of the Hue Load Balancer server in the Hue Load Balancer TLS/SSL Server SSLPassPhraseDialog field.
    In this case, /etc/security/password.txt.
  4. Click Save Changes.
  5. Restart the Hue service.