Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Renewed TLS Certificates - but browser still shows older one

Solved Go to solution
Highlighted

Renewed TLS Certificates - but browser still shows older one

Explorer

i have renewed the tls certificates and applied on the cloudera manager server but the browser is still showing the older one by looking at the expiry date , tried clearing the browser cache , but still it shows older ones. appreciate for any help

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Renewed TLS Certificates - but browser still shows older one

Master Collaborator

Yes of course.Restart the scm and agents.Then two things can happen:

 - everything falls apart - your agents will not be able to communicate with the scm server

 - all ok - check your certificate with openssl  - if it is still old, you are configuing the certificate in the wrong path.

 

Check also your settings in /etc.

 

11 REPLIES 11

Re: Renewed TLS Certificates - but browser still shows older one

Master Collaborator
As far as I know there is no way to extend the TLS certificate validity, so if you created a new certificate, and placed into a truststore make sure the old one is removed.

Re: Renewed TLS Certificates - but browser still shows older one

Explorer

@Tomas79

i meant i have requested for an new certificate and applied it on the server

Re: Renewed TLS Certificates - but browser still shows older one

Master Collaborator
You can try to get the server certificate via openssl command:
openssl s_client -connect <host>
and verify if the certificate is new or old.
If it is new, then your browser or PC has some issues.

Re: Renewed TLS Certificates - but browser still shows older one

Explorer

@Tomas79,

 

openssl s_client connect is reading the old certificate ,whereas i have replaced ceritificates with new one under the /opt/cloudera/security/x509 and /opt/cloudera/security/jks path

 

and i did not happen to notice any heartbeat issue , agents hearbeat are also working fine , i don't see any issues with that

Re: Renewed TLS Certificates - but browser still shows older one

Explorer
Does it require an restart of the cloudera manager service ?

Re: Renewed TLS Certificates - but browser still shows older one

Master Collaborator

Yes of course.Restart the scm and agents.Then two things can happen:

 - everything falls apart - your agents will not be able to communicate with the scm server

 - all ok - check your certificate with openssl  - if it is still old, you are configuing the certificate in the wrong path.

 

Check also your settings in /etc.

 

Re: Renewed TLS Certificates - but browser still shows older one

Explorer

@Tomas79

 

it should have fallen apart after 15 secs, thats interval at which agents sends heartbeat and i have encountered issues with TLS over the past and when somethig has gone wrong , service would immediately fail and throws error in the log.

 

this is quite weird though

Re: Renewed TLS Certificates - but browser still shows older one

Explorer
i could only see new certificate applied on hue UI, hence i'm pretty sure on the path too of other server

Re: Renewed TLS Certificates - but browser still shows older one

Master Collaborator
But Hue does not have to be configured the same way as CM. Every component can have his truststore and keystore configured in a different path. Also for example Hue requires "cert" file in PEM format, other components requires JKS - truststores and keystores.
Don't have an account?
Coming from Hortonworks? Activate your account here