How to Determine if the Certificates Used for Web Consoles and Hadoop Network Encryption on the BDA are Expired or About to Expire

(Doc ID 2370478.1)

Last updated on MARCH 16, 2018

Applies to:

Big Data Appliance Integrated Software - Version 4.3.0 and later
Linux x86-64

Goal

Certificates installed throughout TLS/SSL-configured clusters have a defined lifetime. That lifetime begins on a certain date and ends on another date.

For example, the following output shows that this certificate is valid between Thu Aug 03 10:33:04 PDT 2017 and Wed Jul 24 10:33:04 PDT 2019 only:

If the certificates used for TLS/SSL expire on BDA V4.3 and higher, jobs should continue to run, but Cloudera Manager(CM) will be in "bad" health.  For example if the CM certificate expires agents can not heartbeat into the cluster.

To prevent this from happening replace certificates before they expire or replace them as soon as possible after expiration.

This note provides the details on how to determine if the certificates used for web consoles and Hadoop Network Encryption are about to expire or are expired on BDA V4.3 and higher.

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms