How to Renew the Default Self-Signed Certificates on Big Data Service on OCI with CDH (Doc ID 2858642.1)

Last updated on JUNE 28, 2023

Applies to:

Big Data Service on OCI - Version N/A and later
x86_64

Purpose

This note details how to renew the default self-signed certificates on Big Data Service on OCI (BDS) with CDH if they have expired or are close to expiring.

Details

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Purpose

Details

Prerequisites

Download and Verify renewcerts.zip

Confirm if passwordless ssh is setup:

If passwordless ssh is setup

If passwordless ssh is not setup

Verify that /opt/oracle/install/state/config.json has the parameter the certificate renewal script looks for

Confirm the Cloudera SCM Server is up

Create missing truststore files on the host with Cloudera Manager role

Copy the files to all nodes and set up permissions

Verify Cluster Health

Backups

Back up /opt/cloudera/security

Back up /etc/cloudera-scm-agent

Renew the Certificates

Steps to Update Certificates on Edge Nodes Which are Part of the Cluster

Restart the Cluster

Perform Cluster Verifications

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

How to Renew the Default Self-Signed Certificates on Big Data Service on OCI with CDH (Doc ID 2858642.1)

Applies to:

Purpose

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!