Support Questions
Find answers, ask questions, and share your expertise

How to renew certificates

How to renew certificates

New Contributor

I have installed CDH 6.3 with auto-TLS, so the cluster works with the certificates created and signed by CM with the internal CA.

Now I'm trying to renew the certificates before they expire.

As a first step I'm trying to set up the certificates for Cloudera Manager following the instructions provided here:

I'm using self-signed certificates so I've created an internal certificate authority.

I have generated and distributed the certificates as detailed in the sub-section "Generate TLS Certificates" and changed the configuration settings as described in the sub-section "Configure TLS for the Cloudera Manager Admin Console".

When I try to restart the Cloudera Management Service the operation fails and I see these error in the log file /var/log/cloudera-scm-firehose/





2020-10-14 17:35:03,658 WARN com.cloudera.cmf.BasicScmProxy: Exception while getting fetch configDefaults hash: none No trusted certificate found




 Is it possible to enable further debug information to see what certificates are involved and test them to see where the problem lies?

I would also check that my approach is correct: is it possible to manually configure TLS Encryption for Cloudera Manager and CDH services if the cluster was already configured with auto-TLS ?


Many thanks,