Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Change certificates

Change certificates

Explorer

Hello,

Friends I would need your help, I have installed an environment that was created with a CA, but due to modifications in the main office we have created a new CA and I need to put these new certificates in the environment. I need your help how can I do it or do I have to reinstall everything?

 

Thank you

4 REPLIES 4
Highlighted

Re: Change certificates

Explorer

The first step is to create a Root Secure Sockets Layer (SSL) certificate. This root certificate can then be used to sign any number of certificates you might generate for individual domains. If you aren’t familiar with the SSL ecosystem, this article from DNSimple does a good job of introducing Root SSL certificates.

Generate an RSA-2048 key and save it to a file rootCA.key. This file will be used as the key to generating the Root SSL certificate. You will be prompted for a passphrase which you’ll need to enter each time you use this particular key to generate a certificate.

openssl genrsa -des3 -out rootCA.key 2048

You can use the key you generated to create a new Root SSL certificate. Save it to a file namedrootCA.pem. This certificate will have a validity of 1,024 days. Feel free to change it to any number of days you want. You’ll also be prompted for other optional information.

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

 I hope this information helps!

Regards,

Lewis

Highlighted

Re: Change certificates

Explorer

Hello,

If my question is about replacing certificates in my Hortonwork environment today.

I have an intermediate certificate, for the chain of custody I must generate a truststore with the 2 certificates¿?

Thanks for the information

Highlighted

Re: Change certificates

Explorer

Hello @Lewis

 

My question is

When I installed Ambari I created a truststore where I put my CA certificate and other certificates, now that I have to change I just need to remove the truststore and replace it or how I should manage this change.

Greetings

Highlighted

Re: Change certificates

Explorer
Hello @Lewis The problem is that my cacerts.jks expired and therefore I need to renew it in my environment x that's why I need your help as I have to do the whole process Greetings
Don't have an account?
Coming from Hortonworks? Activate your account here