Support Questions

Find answers, ask questions, and share your expertise

Cannot access AmbariUI after Cloudbreak installation.

avatar
Contributor

ambariui1.jpgambaruui.jpgI have setup Cloudbreak in Azure. I deployed both HDP and HDF cluster. Cloudbreak UI is accessable but when trying to open Ambari UI for both HDP and HDF its not working. Getting the error message: "

Your connection is not private

Attackers might be trying to steal your information from <ip-address/ambari/> (for example, passwords, messages, or credit cards). Learn more

68533-ambariui1.jpg

ambaruui.jpg

NET::ERR_CERT_INVALID"

1 ACCEPTED SOLUTION

avatar
Expert Contributor

Hi @Marshal Tito,

Could you execute the following command as root, to regenerate and replace the certificate. In 2.5.0 the certificate generation has changed and I am wondering whether that is causing some problem for you. Please replace the PUBLIC_IP value with your ip:

rm -rf /etc/certs_new
export PUBLIC_IP=172.21.250.249
export CBD_CERT_ROOT_PATH=/etc/certs_new
mkdir -p ${CBD_CERT_ROOT_PATH}
# Generate new certificates
certm -d $CBD_CERT_ROOT_PATH ca generate -o=testgw --overwrite
certm -d $CBD_CERT_ROOT_PATH server generate -o=testgw --host hostname --host ${PUBLIC_IP}
mv $CBD_CERT_ROOT_PATH/server.pem $CBD_CERT_ROOT_PATH/cluster.pem
mv $CBD_CERT_ROOT_PATH/server-key.pem $CBD_CERT_ROOT_PATH/cluster-key.pem
# Replaces cert in line 4 and 5
sed -i '4s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf
sed -i '5s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf
#Reload nginx
pkill -HUP nginx
keytool -printcert -v -file /etc/certs_new/cluster.pem

View solution in original post

17 REPLIES 17

avatar
Expert Contributor

Hi @Marshal Tito,

Could you execute the following command as root, to regenerate and replace the certificate. In 2.5.0 the certificate generation has changed and I am wondering whether that is causing some problem for you. Please replace the PUBLIC_IP value with your ip:

rm -rf /etc/certs_new
export PUBLIC_IP=172.21.250.249
export CBD_CERT_ROOT_PATH=/etc/certs_new
mkdir -p ${CBD_CERT_ROOT_PATH}
# Generate new certificates
certm -d $CBD_CERT_ROOT_PATH ca generate -o=testgw --overwrite
certm -d $CBD_CERT_ROOT_PATH server generate -o=testgw --host hostname --host ${PUBLIC_IP}
mv $CBD_CERT_ROOT_PATH/server.pem $CBD_CERT_ROOT_PATH/cluster.pem
mv $CBD_CERT_ROOT_PATH/server-key.pem $CBD_CERT_ROOT_PATH/cluster-key.pem
# Replaces cert in line 4 and 5
sed -i '4s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf
sed -i '5s/certs\//certs_new\//' /etc/nginx/sites-enabled/ssl.conf
#Reload nginx
pkill -HUP nginx
keytool -printcert -v -file /etc/certs_new/cluster.pem

avatar
Contributor

Hi @Attila Kanto,

Sorry for the late response. I was about to execute the commands you mentioned, But I dont have any thing /etc/certs_new. Its only /etc/certs. And below files are there:

ca.pem ,

cb-client.pem,

cluster-key.pem

cluster.pem

This are in my hdf cluster. Please let me know what should i execute? Thank you.

avatar
Expert Contributor

@Marshal Tito there is no /etc/certs_new but the script what I sent is responsible to create it. It is basically just regenerating the certs with a different public ip, teherefore please don't forget to set export PUBLIC_IP=172.21.250.249 to the right value.

avatar
Contributor

@Attila Kanto Thank you so much for your continuous support. Yeap, finally its working. Salute! Thanks a lot. 🙂

avatar
Expert Contributor
@Marshal Tito

thanks for the feedback. based on your feedback will fix the certificate generation

avatar
New Contributor

I am having the same issue. Where do I need to run the script you gave @Attila Kanto.

Do I need to run them by ssh to Cloudbreak deployer VM?

Also is the public ip that I need to export of Ambari or Cloudbreak

avatar
Expert Contributor

Hi @Bimal Mehta

As the thread about not able to open the Ambari UI, you need to run the script on the node where the Ambari server is running. You should ssh to that instance run the script that will generate a new certificate for the machine's nginx with the right IP address to avoid this kind of certificate issues.

avatar
New Contributor

I am also facing the same issue for accessing ambari ui. Getting error as The website’s security certificate is not secure. Error Code: 0. I have used cloudbreak 2.9 for creating this cluster. Thanks in advance!