I'm in the process of renewing certificates in my HDP cluster and the last thing on the agenda is the Knox server.
I understand that the new node cert is to be imported into gateway.jks, the Knox keystore, with an alias "gateway-identity".
The problem is no one knows the password to the keystore. I thought it was the master secret, which to my understanding is contained in the master file, typically under /var/lib/knox/data/security/master.
So I copy the password string inside and try it with the keystore, and obviously it's not working.
I really want to avoid creating a new master secret password (what would be the exact detailed implications or steps required after such an action anyways?)