Support Questions
Find answers, ask questions, and share your expertise

Change certificates



Friends I would need your help, I have installed an environment that was created with a CA, but due to modifications in the main office we have created a new CA and I need to put these new certificates in the environment. I need your help how can I do it or do I have to reinstall everything?


Thank you



The first step is to create a Root Secure Sockets Layer (SSL) certificate. This root certificate can then be used to sign any number of certificates you might generate for individual domains. If you aren’t familiar with the SSL ecosystem, this article from DNSimple does a good job of introducing Root SSL certificates.

Generate an RSA-2048 key and save it to a file rootCA.key. This file will be used as the key to generating the Root SSL certificate. You will be prompted for a passphrase which you’ll need to enter each time you use this particular key to generate a certificate.

openssl genrsa -des3 -out rootCA.key 2048

You can use the key you generated to create a new Root SSL certificate. Save it to a file namedrootCA.pem. This certificate will have a validity of 1,024 days. Feel free to change it to any number of days you want. You’ll also be prompted for other optional information.

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

 I hope this information helps!





If my question is about replacing certificates in my Hortonwork environment today.

I have an intermediate certificate, for the chain of custody I must generate a truststore with the 2 certificates¿?

Thanks for the information


Hello @Lewis


My question is

When I installed Ambari I created a truststore where I put my CA certificate and other certificates, now that I have to change I just need to remove the truststore and replace it or how I should manage this change.


Hello @Lewis The problem is that my cacerts.jks expired and therefore I need to renew it in my environment x that's why I need your help as I have to do the whole process Greetings