I have installed CDH 6.3 with auto-TLS, so the cluster works with the certificates created and signed by CM with the internal CA.
Now I'm trying to renew the certificates before they expire.
As a first step I'm trying to set up the certificates for Cloudera Manager following the instructions provided here:
I'm using self-signed certificates so I've created an internal certificate authority.
I have generated and distributed the certificates as detailed in the sub-section "Generate TLS Certificates" and changed the configuration settings as described in the sub-section "Configure TLS for the Cloudera Manager Admin Console".
When I try to restart the Cloudera Management Service, the operation fails and I see this error in the log file /var/log/cloudera-scm-firehose/mgmt-cmf-mgmt-SERVICEMONITOR-xxx-.xxx.xxx.log.out:
2020-10-14 17:35:03,658 WARN com.cloudera.cmf.BasicScmProxy: Exception while getting fetch configDefaults hash: none
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
Is it possible to enable further debug information to see what certificates are involved and test them to see where the problem lies?
I would also like to check that my approach is correct: is it possible to manually configure TLS encryption for Cloudera Manager and CDH services if the cluster was already configured with auto-TLS?