Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

After Rewewing Node Certificates Ambari Node Still Shows Old Certificate

Solved Go to solution
Highlighted

After Rewewing Node Certificates Ambari Node Still Shows Old Certificate

Explorer

The node certificates on my cluster are expiring soon so I have installed new ones, including on the node that has ambari-server.

 

However, after restarting ambari server, ambari agent, and even the node itself, the old certificate still shows.

 

I've tried also clearing cache and cookies for all time on my browser, but it doesn't work and the old cert even shows up on IE.

 

I've tried the same methodology for other nodes in the cluster and it has worked, so why isn't it working for the ambari node? (ambari-server is set up through an https port)

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: After Rewewing Node Certificates Ambari Node Still Shows Old Certificate

Hello,

In older versions of ambari, HDP 2.6.5 we've seen behavior that ambari uses the default cert/trustore pairs used by java instead of the values specified in Ambari UI.

 

Please try adding the cert to the default java cert store.

 

Also have you tried running ambari-server setup-security and specifying the cert path.

 

Also, on HDP 3.1 we've noticed that the node cert should be the only cert in the store for the correct cert to be extracted by Ambari. I.e. a store with all the node certs will not allow Ambari to extract the correct cert for the corresponding node.

 

HTH

 

Best,
Lyubomir

View solution in original post

2 REPLIES 2

Re: After Rewewing Node Certificates Ambari Node Still Shows Old Certificate

Hello,

In older versions of ambari, HDP 2.6.5 we've seen behavior that ambari uses the default cert/trustore pairs used by java instead of the values specified in Ambari UI.

 

Please try adding the cert to the default java cert store.

 

Also have you tried running ambari-server setup-security and specifying the cert path.

 

Also, on HDP 3.1 we've noticed that the node cert should be the only cert in the store for the correct cert to be extracted by Ambari. I.e. a store with all the node certs will not allow Ambari to extract the correct cert for the corresponding node.

 

HTH

 

Best,
Lyubomir

View solution in original post

Highlighted

Re: After Rewewing Node Certificates Ambari Node Still Shows Old Certificate

Explorer

@lyubomirangelo 

 

Thank you! Going through the wizard (ambari-server setup-security) fixed my issue. I just needed to point to the new key and certificate chain file, then restart.

 

 

Don't have an account?
Coming from Hortonworks? Activate your account here