I tried stopping the ambari server, removing the ca.crt/ca.key files from the
keys directory, and
restarted the ambari server.
It appears to have automatically generated a new set of certs. However, how the
server log is showing:
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
when the clients try to connect. I tried removing the certs on the client side
and restarting
the ambari agent. It contacted the server and tried to generate new certs, but
the command
failed on the server side:
Using configuration from /var/lib/ambari-server/keys/ca.config
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationalUnitName:ASN.1 12:’client.host.address’ # not the real
address
Certificate is to be certified until Sep 24 14:06:05 2015 GMT (365 days)
failed to update database
TXT_DB error number 2
On Sep 24, 2014, at 8:37 AM, Brian Jeltema <[email protected]>
wrote:
> Our ambari server has lost contact with the cluster nodes because the SSL
> certificates have
> expired. Is there a straightforward way to fix this?
>
> Brian
>
