This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • Handling Expired HTTPS Certificates
Skip to end of metadata
Go to start of metadata

It's possible that the Ambari Server can lose contact with the rest of the cluster if the server certificate becomes expired. To re-establish contact, follow these steps:

  1. Delete expired certificate on the Ambari Server.
  2. Generate new certificates.

    openssl genrsa -des3 -passout pass:12345 -out ca.key 4096 
    openssl req -passin pass:12345 -new -key ca.key -out ca.csr -batch
    openssl x509 -passin pass:12345 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
  3. Run 'ambari-server setup-https' and provide paths to new certificate info.

    Using python  /usr/bin/python2.6
    Setting up HTTPS properties...
    Do you want to disable SSL [y/n] n? 
    SSL port [8443] ? 
    Please enter path to Certificate: ca.crt
    Please enter path to Private Key: ca.key
    Please enter password for private key: 
    WARNING: There is no Common name in certificate
    WARNING: Validation of certificate hostname failed
    Importing and saving certificate...done.
    NOTE: Restart Ambari Server to apply changes ("ambari-server restart|stop|start")
    Cleaning bootstrap directory (/var/run/ambari-server/bootstrap) contents...
    Adjusting ambari-server permissions and ownership...
  4. Restart the Ambari Server.

    ambari-server restart


  • No labels