Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Renewed TLS Certificates - but browser still shows older one

Labels:
avatar
author-rank Johnny_Bach
Contributor

Created ‎09-11-2018 09:01 AM

i have renewed the tls certificates and applied on the cloudera manager server but the browser is still showing the older one by looking at the expiry date , tried clearing the browser cache , but still it shows older ones. appreciate for any help

3,214 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank Tomas79
Guru

Created ‎09-11-2018 11:14 AM

Yes of course.Restart the scm and agents.Then two things can happen:

 - everything falls apart - your agents will not be able to communicate with the scm server

 - all ok - check your certificate with openssl  - if it is still old, you are configuing the certificate in the wrong path.

 

Check also your settings in /etc.

 

View solution in original post

3,151 Views
11 REPLIES 11

avatar
author-rank Tomas79
Guru

Created ‎09-11-2018 10:33 AM

As far as I know there is no way to extend the TLS certificate validity, so if you created a new certificate, and placed into a truststore make sure the old one is removed.
3,022 Views
0 Kudos

avatar
author-rank Johnny_Bach
Contributor

Created ‎09-11-2018 10:39 AM

@Tomas79

i meant i have requested for an new certificate and applied it on the server

3,021 Views
0 Kudos

avatar
author-rank Tomas79
Guru

Created ‎09-11-2018 10:46 AM

You can try to get the server certificate via openssl command:
openssl s_client -connect <host>
and verify if the certificate is new or old.
If it is new, then your browser or PC has some issues.
3,018 Views
0 Kudos

avatar
author-rank Johnny_Bach
Contributor

Created ‎09-11-2018 11:03 AM

@Tomas79,

 

openssl s_client connect is reading the old certificate ,whereas i have replaced ceritificates with new one under the /opt/cloudera/security/x509 and /opt/cloudera/security/jks path

 

and i did not happen to notice any heartbeat issue , agents hearbeat are also working fine , i don't see any issues with that

3,017 Views
0 Kudos

avatar
author-rank Johnny_Bach
Contributor

Created ‎09-11-2018 11:11 AM

Does it require an restart of the cloudera manager service ?
3,007 Views
0 Kudos

avatar
author-rank Tomas79
Guru

Created ‎09-11-2018 11:14 AM

Yes of course.Restart the scm and agents.Then two things can happen:

 - everything falls apart - your agents will not be able to communicate with the scm server

 - all ok - check your certificate with openssl  - if it is still old, you are configuing the certificate in the wrong path.

 

Check also your settings in /etc.

 

3,152 Views

avatar
author-rank Johnny_Bach
Contributor

Created ‎09-11-2018 11:18 AM

@Tomas79

 

it should have fallen apart after 15 secs, thats interval at which agents sends heartbeat and i have encountered issues with TLS over the past and when somethig has gone wrong , service would immediately fail and throws error in the log.

 

this is quite weird though

3,000 Views
0 Kudos

avatar
author-rank Johnny_Bach
Contributor

Created ‎09-11-2018 11:21 AM

i could only see new certificate applied on hue UI, hence i'm pretty sure on the path too of other server
2,999 Views
0 Kudos

avatar
author-rank Tomas79
Guru

Created ‎09-11-2018 11:28 AM

But Hue does not have to be configured the same way as CM. Every component can have his truststore and keystore configured in a different path. Also for example Hue requires "cert" file in PEM format, other components requires JKS - truststores and keystores.
2,993 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements