ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Levas <>
Subject Re: Regen /var/lib/ambari-server/keys/ca.*
Date Tue, 21 Mar 2017 15:56:22 GMT
Hi Toung.  

I am not sure if this is the best way to do it, but it appeared to work for me.

1) Backup the /var/lib/ambari-server/keys
2) Remove the following files from /var/lib/ambari-server/keys
a. ca.crt
b. ca.csr 
c. ca.key
3) Remove the files from /var/lib/ambari-server/keys/db/newcerts
4) Truncate (or delete and recreate) the following files in /var/lib/ambari-server/keys/db
a. index.txt  
b. index.txt.attr
5) Edit /var/lib/ambari-server/keys/db/serial to contain the following line
a. 00
6) Restart Ambari server

Once this is done, I believe that you will need to remove the keys from /var/lib/ambari-agent/keys
and restart the Ambari agent on each host. 


On 3/20/17, 9:35 PM, "Tuong Truong" <> wrote:

    Hi Ambari Dev,
    Is there a way to get Ambari server to regenerate the default ca.*  files in /var/lib/ambari-server/keys?
  In Ambari 2.1, the md5 is used by default and we would like to change ca.config to use a
more secure algorithm, and regen the default ca.* files. Respectfully,

View raw message