It's possible that the Ambari Server can lose contact with the rest of the cluster if the server certificate becomes expired. To re-establish contact, follow these steps:

  1. Delete expired certificate on the Ambari Server.
  2. Generate new certificates.

    openssl genrsa -des3 -passout pass:12345 -out ca.key 4096 
    openssl req -passin pass:12345 -new -key ca.key -out ca.csr -batch
    openssl x509 -passin pass:12345 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
  3. Run 'ambari-server setup-https' and provide paths to new certificate info.

    Using python  /usr/bin/python2.6
    Setting up HTTPS properties...
    Do you want to disable SSL [y/n] n? 
    SSL port [8443] ? 
    Please enter path to Certificate: ca.crt
    Please enter path to Private Key: ca.key
    Please enter password for private key: 
    WARNING: There is no Common name in certificate
    WARNING: Validation of certificate hostname failed
    Importing and saving certificate...done.
    NOTE: Restart Ambari Server to apply changes ("ambari-server restart|stop|start")
    Cleaning bootstrap directory (/var/run/ambari-server/bootstrap) contents...
    Adjusting ambari-server permissions and ownership...
  4. Restart the Ambari Server.

    ambari-server restart


  • No labels