java.util.concurrent.ExecutionException: java.io.UncheckedIOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

we are securing client access to the cluster by configuring self signed ssl for cordinator .

follwing are the config.properties

coordinator=true
node-scheduler.include-coordinator=false
http-server.http.port=8889
query.max-memory=50GB
query.max-memory-per-node=1GB
query.max-total-memory-per-node=2GB
discovery.uri=http://192.168.100.1:8080
http-server.https.enabled=true
http-server.https.port=8081
http-server.https.keystore.path=/data/ssl/keystore.jks
http-server.https.keystore.key=changeit"

with this configuration coordianator has started successfully .

while connecting from CLI with below command facing the hand shake error

/home/trino/trino --server https://192.168.100.1:8081 --catalog hive --schema default --truststore-path /data/ssl/truststore.jks --truststore-password changeit

we have tried cli command by passing keystore as well .

WARNING: Exception thrown during refresh
java.util.concurrent.ExecutionException: java.io.UncheckedIOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.google.common.util.concurrent.AbstractFuture.getDoneValue(AbstractFuture.java:566)
        at com.google.common.util.concurrent.AbstractFuture.get(AbstractFuture.java:527)
        at com.google.common.util.concurrent.AbstractFuture$TrustedFuture.get(AbstractFuture.java:104)
        at com.google.common.util.concurrent.Uninterruptibles.getUninterruptibly(Uninterruptibles.java:240)
        at com.google.common.cache.LocalCache$Segment.getAndRecordStats(LocalCache.java:2313)
        at com.google.common.cache.LocalCache$Segment$1.run(LocalCache.java:2293)
        at com.google.common.util.concurrent.DirectExecutor.execute(DirectExecutor.java:30)
        at com.google.common.util.concurrent.AbstractFuture.executeListener(AbstractFuture.java:1213)
        at com.google.common.util.concurrent.AbstractFuture.addListener(AbstractFuture.java:724)
        at com.google.common.util.concurrent.AbstractFuture$TrustedFuture.addListener(AbstractFuture.java:126)
        at com.google.common.cache.LocalCache$Segment.loadAsync(LocalCache.java:2288)
        at com.google.common.cache.LocalCache$Segment.refresh(LocalCache.java:2360)
        at com.google.common.cache.LocalCache.refresh(LocalCache.java:4134)
        at com.google.common.cache.LocalCache$LocalLoadingCache.refresh(LocalCache.java:4965)
        at io.trino.cli.TableNameCompleter.lambda$populateCache$0(TableNameCompleter.java:96)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.io.UncheckedIOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at io.trino.client.JsonResponse.execute(JsonResponse.java:148)
        at io.trino.client.StatementClientV1.<init>(StatementClientV1.java:109)
        at io.trino.client.StatementClientFactory.newStatementClient(StatementClientFactory.java:24)
        at io.trino.cli.QueryRunner.startInternalQuery(QueryRunner.java:155)
        at io.trino.cli.QueryRunner.startInternalQuery(QueryRunner.java:146)
        at io.trino.cli.TableNameCompleter.queryMetadata(TableNameCompleter.java:76)
        at io.trino.cli.TableNameCompleter.listTables(TableNameCompleter.java:64)
        at com.google.common.cache.CacheLoader$FunctionToCacheLoader.load

On the surface all looks good. This would have to be debugged in detail. In general I suggest to avoid self signed certificates… just secure your cluster with a globally trusted cert and you wont have to do anything on the CLI.