My Oracle Support Banner

How to Renew the Default Self-Signed Certificates on Big Data Service on OCI with CDH (Doc ID 2858642.1)

Last updated on JUNE 28, 2023

Applies to:

Big Data Service on OCI - Version N/A and later


 This note details how to renew the default self-signed certificates on Big Data Service on OCI (BDS) with CDH if they have expired or are close to expiring.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Download and Verify
 Confirm if passwordless ssh is setup:
 If passwordless ssh is setup
 If passwordless ssh is not setup
 Verify that /opt/oracle/install/state/config.json has the parameter the certificate renewal script looks for  
 Confirm the Cloudera SCM Server is up
 Create missing truststore files on the host with Cloudera Manager role
 Copy the files to all nodes and set up permissions
 Verify Cluster Health
 Back up /opt/cloudera/security
 Back up /etc/cloudera-scm-agent
 Renew the Certificates
 Steps to Update Certificates on Edge Nodes Which are Part of the Cluster
 Restart the Cluster
 Perform Cluster Verifications

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.