Overview
Ambari/Deployer SSL Certificates have expired, as detected in a vulnerability scan. New certificates need to be requested and replaced.
Solution
- Follow the steps to request and extract the certificate files in Requesting and Configuring New SSL Certificates.
- Enter the following command to stop the Ambari server:
ambari-server stop
- Copy the following files to /var/lib/ambari-server/resources/ssl.crt and the private key to /var/lib/ambari-server/resources/ssl.key to overwrite existing files.
cp ssl.key /var/lib/ambari-server/resources/ssl.key
cp ssl.crt /var/lib/ambari-server/resources/ssl.crt
- Delete the following files:
rm /var/lib/ambari-server/keys/https.crt
rm /var/lib/ambari-server/keys/https.key
- Enter the following command to set up the certificate:
ambari-server setup-security
Note: If the SSL key was password-protected, you are prompted to enter it.
- Enter the following command to start the Ambari server:
ambari-server start
Comments
0 comments
Please sign in to leave a comment.