Posted to dev@ambari.apache.org by Tuong Truong <ir...@yahoo.com.INVALID> on 2017/03/21 01:35:41 UTC

Regen /var/lib/ambari-server/keys/ca.*

Hi Ambari Dev,
Is there a way to get Ambari server to regenerate the default ca.* files in /var/lib/ambari-server/keys? In Ambari 2.1, md5 is used by default and we would like to change ca.config to use a more secure algorithm, and regen the default ca.* files.
Respectfully,
Tuong

Re: Regen /var/lib/ambari-server/keys/ca.*

Posted by Robert Levas <rl...@hortonworks.com>.
Hi Tuong.

I am not sure if this is the best way to do it, but it appeared to work for me.

1) Back up /var/lib/ambari-server/keys
2) Remove the following files from /var/lib/ambari-server/keys
   a. ca.crt
   b. ca.csr
   c. ca.key
3) Remove the files from /var/lib/ambari-server/keys/db/newcerts
4) Truncate (or delete and recreate) the following files in /var/lib/ambari-server/keys/db
   a. index.txt
   b. index.txt.attr
5) Edit /var/lib/ambari-server/keys/db/serial to contain the following line
   a. 00
6) Restart Ambari server

Once this is done, I believe that you will need to remove the keys from /var/lib/ambari-agent/keys and restart the Ambari agent on each host. 

Rob


On 3/20/17, 9:35 PM, "Tuong Truong" <ir...@yahoo.com.INVALID> wrote:

    Hi Ambari Dev,
    Is there a way to get Ambari server to regenerate the default ca.* files in /var/lib/ambari-server/keys? In Ambari 2.1, md5 is used by default and we would like to change ca.config to use a more secure algorithm, and regen the default ca.* files.
    Respectfully,
    Tuong
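
Added example, not part of the thread and not Ambari's own tooling: steps 1 to 5 of the procedure in the reply above as a shell function, plus a check of the digest on the regenerated ca.crt after the restart in step 6. The names reset_ambari_ca, ca_signature_algorithm and KEYS_DIR and the backup directory naming are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Paths are the ones named in the thread.
# Set KEYS_DIR or pass a directory to rehearse on a copy first.
KEYS_DIR="${KEYS_DIR:-/var/lib/ambari-server/keys}"

reset_ambari_ca() {
    keys="${1:-$KEYS_DIR}"
    [ -d "$keys/db" ] || { echo "no db/ directory under $keys" >&2; return 1; }

    # Step 1: back up the whole directory, preserving modes and owners.
    backup="${keys%/}.bak.$(date +%Y%m%d%H%M%S)"
    cp -pR "$keys" "$backup" || return 1
    chmod 700 "$backup"    # the backup still holds the old CA private key

    # Step 2: remove the CA certificate, request and key (ca.config stays).
    rm -f "$keys/ca.crt" "$keys/ca.csr" "$keys/ca.key"

    # Step 3: remove previously issued certificates, keep the directory.
    if [ -d "$keys/db/newcerts" ]; then
        find "$keys/db/newcerts" -type f -exec rm -f {} +
    fi

    # Step 4: truncate the OpenSSL CA database files.
    : > "$keys/db/index.txt"
    : > "$keys/db/index.txt.attr"

    # Step 5: reset the serial counter.
    printf '00\n' > "$keys/db/serial"

    echo "$backup"         # report where the backup went
}

# Run after step 6 (restarting Ambari server) to confirm which digest signed
# the regenerated CA certificate, e.g. that it is no longer md5-based.
ca_signature_algorithm() {
    openssl x509 -in "${1:-$KEYS_DIR}/ca.crt" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}
```

The function does not restart the server or touch /var/lib/ambari-agent/keys on the agents; those steps remain manual as described in the reply.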