
How to renew certificates


I have installed CDH 6.3 with auto-TLS, so the cluster works with the certificates created and signed by CM with the internal CA.

Now I'm trying to renew the certificates before they expire.

As a first step I'm trying to set up the certificates for Cloudera Manager following the instructions provided here:

https://docs.cloudera.com/documentation/enterprise/latest/topics/how_to_configure_cm_tls.html

I'm using self-signed certificates so I've created an internal certificate authority.

I have generated and distributed the certificates as detailed in the sub-section "Generate TLS Certificates" and changed the configuration settings as described in the sub-section "Configure TLS for the Cloudera Manager Admin Console".

When I try to restart the Cloudera Management Service the operation fails and I see these errors in the log file /var/log/cloudera-scm-firehose/mgmt-cmf-mgmt-SERVICEMONITOR-xxx-.xxx.xxx.log.out:

2020-10-14 17:35:03,658 WARN com.cloudera.cmf.BasicScmProxy: Exception while getting fetch configDefaults hash: none
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

Is it possible to enable further debug information to see what certificates are involved and test them to see where the problem lies?

I would also like to check that my approach is correct: is it possible to manually configure TLS Encryption for Cloudera Manager and CDH services if the cluster was already configured with auto-TLS?

Many thanks,

G.
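
One way to test which CA a certificate chains to, relevant to the "No trusted certificate found" error quoted in the question. This is an added example, not part of the original post or of Cloudera's documentation; it builds a throwaway lab with constructed names (old-ca, new-ca, cm.example.test) and assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed lab: two throwaway CAs and one server certificate in a temp dir.
# The names old-ca, new-ca and cm.example.test are made up for this example.

make_ca() {      # make_ca <dir> <name>: self-signed CA -> <dir>/<name>.pem and .key
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue_leaf() {   # issue_leaf <dir> <ca-name> <host>: server cert signed by that CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

issuer_of() {    # print the issuer DN: the CA the validating side must already trust
    openssl x509 -in "$1" -noout -issuer
}

chains_to() {    # chains_to <cert> <ca-bundle>: exit 0 if the cert validates against it
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

demo() {
    lab=$(mktemp -d) || return 1
    make_ca "$lab" old-ca      # stands in for the CA that clients already trust
    make_ca "$lab" new-ca      # stands in for a newly created internal CA
    issue_leaf "$lab" new-ca cm.example.test
    issuer_of "$lab/cm.example.test.pem"
    for ca in old-ca new-ca; do
        if chains_to "$lab/cm.example.test.pem" "$lab/$ca.pem"; then
            echo "trust bundle $ca: certificate validates"
        else
            echo "trust bundle $ca: no trusted certificate for this issuer"
        fi
    done
    rm -rf "$lab"
}

demo
```

On a real host, `issuer_of` and `chains_to` can be pointed at the PEM certificate a server presents and at the CA bundle the client side is configured to trust.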
