How to Regenerate the Default Self-Signed Certificates on BDA V4.3 and Higher (Doc ID 2401766.1)

Last updated on SEPTEMBER 03, 2020

Applies to:

Big Data Appliance Integrated Software - Version 4.3.0 and later
Linux x86-64

Purpose

This note provides steps to completely reset a cluster's certificates. This would be used, for example, when the cluster is using an unknown certificate type that is expiring or has expired, and the cluster must be reset to use the default self-signed BDA certificates on BDA V4.3 and higher. This requirement differs from that detailed in: How to Renew the Default Self-Signed Certificates on BDA V4.3 and Higher (Doc ID 2365807.1), where the default self-signed certificates on BDA V4.3 and higher need to be renewed because they have expired or are close to expiring. It also differs from that in: How to Setup Certificates Signed by a User's Certificate Authority (CA) for Web Consoles and Hadoop Network Encryption Use on BDA 4.5 and Higher (Doc ID 2443887.1).

Details


In this Document
Purpose
Details
 Overview
 Background
 Known Issues
 Frequently Asked Questions
 Prerequisites
 Prerequisites for regeneratecerts.zip
 Prerequisites for Non-BDA Edge Nodes Which are Part of the Cluster
 Prerequisites for Cluster Health
 Prerequisite Backups for /opt/cloudera/security, /etc/cloudera-scm-agent, Truststore/Keystore passwords and paths, and CM settings
 Steps to Regenerate Default Self-Signed Certificates
 Stop Cluster Services and mgmt Services in Cloudera Manager
 Generate Random Truststore and Keystore passwords
 Regenerate Certificates on the Cluster Via the Regenerate Script
 In Cloudera Manager Update Truststores and Keystores and Associated Passwords
 Cluster Name
 Global for all mgmt services via mgmt
 Global for all mgmt services via Administration
 For Navigator Audit Server
 For Navigator Metadata Server
 For the hdfs service
 For the Oozie service
 For Key Trustee KMS
 Update the CM Server and Agent Configuration File
 Steps to Update Certificates on Non-BDA Edge Nodes Which are Part of the Cluster
 Restart the Cluster
 Final Verifications
 Post Renewal Check
References