My Oracle Support Banner

How to Renew the Default Self-Signed Certificates on Big Data Service on OCI with CDH (Doc ID 2858642.1)

Last updated on JULY 20, 2022

Applies to:

Big Data Service on OCI - Version N/A and later
x86_64

Purpose

 This note details how to renew the default self-signed certificates on Big Data Service on OCI (BDS) with CDH if they have expired or are close to expiring.

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Details
 Prerequisites
 Download and Verify renewcerts.zip
 Confirm if passwordless ssh is setup:
 If passwordless ssh is setup
 If passwordless ssh is not setup
 Verify that /opt/oracle/install/state/config.json has the parameter the certificate renewal script looks for  
 Confirm the Cloudera SCM Server is up
 Create missing truststore files on the host with Cloudera Manager role
 Copy the files to all nodes and set up permissions
 Verify Cluster Health
 Backups
 Back up /opt/cloudera/security
 Back up /etc/cloudera-scm-agent
 Renew the Certificates
 Steps to Update Certificates on Edge Nodes Which are Part of the Cluster
 Restart the Cluster
 Perform Cluster Verifications
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.