Created on 01-21-2020 08:39 AM - edited 01-21-2020 09:19 AM
The node certificates on my cluster are expiring soon so I have installed new ones, including on the node that has ambari-server.
However, after restarting Ambari server, Ambari agent, and even the node itself, the old certificate still shows.
I've also tried clearing cache and cookies for all time on my browser, but it doesn't work and the old cert even shows up on IE.
I've tried the same methodology for other nodes in the cluster and it has worked, so why isn't it working for the Ambari node? (ambari-server is set up through an HTTPS port)
Created 01-22-2020 02:56 AM
Hello,
In older versions of Ambari (HDP 2.6.5) we've seen behavior where Ambari uses the default cert/truststore pairs used by Java instead of the values specified in the Ambari UI.
Please try adding the cert to the default Java cert store.
Also, have you tried running ambari-server setup-security and specifying the cert path?
Also, on HDP 3.1 we've noticed that the node cert should be the only cert in the store for the correct cert to be extracted by Ambari. I.e. a store with all the node certs will not allow Ambari to extract the correct cert for the corresponding node.
HTH
Best,
Lyubomir
Created on 01-22-2020 07:37 AM - edited 01-22-2020 12:19 PM
Thank you! Going through the wizard (ambari-server setup-security) fixed my issue. I just needed to point to the new key and certificate chain file, then restart.
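To confirm a fix like this without relying on a browser, compare the certificate the Ambari HTTPS port actually serves with the first (node) certificate in the new chain file. The script below is an added example, not part of the original thread; the host, port and file path are supplied on the command line and are assumptions, since the thread does not give them.

```python
import hashlib
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def leaf_fingerprint(pem_text):
    """SHA-256 fingerprint of the first certificate in a PEM file.

    In a certificate chain file the node (leaf) certificate comes first,
    followed by intermediates, so only the first block is compared.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM certificate found")
    der = ssl.PEM_cert_to_DER_cert(blocks[0])
    return hashlib.sha256(der).hexdigest()

def served_fingerprint(host, port):
    """Fingerprint of the certificate the HTTPS listener presents right now."""
    # No ca_certs argument: the certificate is fetched without validation,
    # so an expiring or private-CA certificate can still be inspected.
    pem = ssl.get_server_certificate((host, port))
    return leaf_fingerprint(pem)

def check(host, port, chain_path):
    """Return (match, on_disk_fingerprint, served_fingerprint)."""
    with open(chain_path) as fh:
        expected = leaf_fingerprint(fh.read())
    actual = served_fingerprint(host, port)
    return expected == actual, expected, actual

if __name__ == "__main__":
    # Usage (all three values are placeholders chosen by the operator):
    #   python check_cert.py <ambari-host> <https-port> <chain.pem>
    host, port, path = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    ok, expected, actual = check(host, port, path)
    print("on disk:", expected)
    print("served: ", actual)
    sys.exit(0 if ok else 1)
```

A non-zero exit after a restart means the listener is still serving a certificate other than the one in the new file, which points at the server's configured certificate path rather than at browser caching.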