You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Tuong Truong <ir...@yahoo.com.INVALID> on 2017/03/21 01:35:41 UTC
Regen /var/lib/ambari-server/keys/ca.*
Hi Ambari Dev,
Is there a way to get Ambari server to regenerate the default ca.* files in /var/lib/ambari-server/keys? In Ambari 2.1, the md5 is used by default and we would like to change ca.config to use a more secure algorithm, and regen the default ca.* files. Respectfully,
Tuong
Re: Regen /var/lib/ambari-server/keys/ca.*
Posted by Robert Levas <rl...@hortonworks.com>.
Hi Toung.
I am not sure if this is the best way to do it, but it appeared to work for me.
1) Backup the /var/lib/ambari-server/keys
2) Remove the following files from /var/lib/ambari-server/keys
a. ca.crt
b. ca.csr
c. ca.key
3) Remove the files from /var/lib/ambari-server/keys/db/newcerts
4) Truncate (or delete and recreate) the following files in /var/lib/ambari-server/keys/db
a. index.txt
b. index.txt.attr
5) Edit /var/lib/ambari-server/keys/db/serial to contain the following line
a. 00
6) Restart Ambari server
Once this is done, I believe that you will need to remove the keys from /var/lib/ambari-agent/keys and restart the Ambari agent on each host.
Rob
On 3/20/17, 9:35 PM, "Tuong Truong" <ir...@yahoo.com.INVALID> wrote:
Hi Ambari Dev,
Is there a way to get Ambari server to regenerate the default ca.* files in /var/lib/ambari-server/keys? In Ambari 2.1, the md5 is used by default and we would like to change ca.config to use a more secure algorithm, and regen the default ca.* files. Respectfully,
Tuong