My Oracle Support Banner

How to Determine if the Certificates Used for Web Consoles and Hadoop Network Encryption on the BDA are Expired or About to Expire (Doc ID 2370478.1)

Last updated on JANUARY 30, 2022

Applies to:

Big Data Appliance Integrated Software - Version 4.3.0 and later
Linux x86-64

Goal

NOTE: In the examples that follow, user details, cluster names, hostnames, directory paths, filenames, etc. represent a fictitious sample (and are used to provide an illustrative example only). Any similarity to actual persons, or entities, living or dead, is purely coincidental and not intended in any manner. 

Certificates installed throughout TLS/SSL-configured clusters have a defined lifetime. That lifetime begins on a certain date and ends on another date.

For example, the following output shows that this certificate is valid between Thu Aug 03 10:33:04 PDT 2017 and Wed Jul 24 10:33:04 PDT 2019 only:

If the certificates used for TLS/SSL expire on BDA V4.3 and higher, jobs should continue to run, but Cloudera Manager(CM) will be in "bad" health.  For example if the CM certificate expires agents can not heartbeat into the cluster.  The result of this is that services depending on those certificates can not be started/stopped via CM.

To prevent this from happening replace certificates before they expire or replace them as soon as possible after expiration.

This note provides the details on how to determine if the certificates used for web consoles and Hadoop Network Encryption are about to expire or are expired on BDA V4.3 and higher.

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.