ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Jeltema <brian.jelt...@digitalenvoy.net>
Subject Re: certificates expired
Date Wed, 24 Sep 2014 14:15:08 GMT
I tried stopping the ambari server, removing the ca.crt/ca.key files from the keys directory,
and
restarted the ambari server.

It appears to have automatically generated a new set of certs. However, how the 
server log is showing:

    javax.net.ssl.SSLException: Received fatal alert: unknown_ca

when the clients try to connect. I tried removing the certs on the client side and restarting
the ambari agent. It contacted the server and tried to generate new certs, but the command
failed on the server side:

   Using configuration from /var/lib/ambari-server/keys/ca.config
   Check that the request matches the signature
   Signature ok
   The Subject's Distinguished Name is as follows
   organizationalUnitName:ASN.1 12:’client.host.address’   # not the real address
   Certificate is to be certified until Sep 24 14:06:05 2015 GMT (365 days)  
   failed to update database
   TXT_DB error number 2

On Sep 24, 2014, at 8:37 AM, Brian Jeltema <brian.jeltema@digitalenvoy.net> wrote:

> Our ambari server has lost contact with the cluster nodes because the SSL certificates
have
> expired. Is there a straightforward way to fix this? 
> 
> Brian
> 


Mime
View raw message