Hi Toung. I am not sure if this is the best way to do it, but it appeared to work for me.
1) Backup the /var/lib/ambari-server/keys 2) Remove the following files from /var/lib/ambari-server/keys a. ca.crt b. ca.csr c. ca.key 3) Remove the files from /var/lib/ambari-server/keys/db/newcerts 4) Truncate (or delete and recreate) the following files in /var/lib/ambari-server/keys/db a. index.txt b. index.txt.attr 5) Edit /var/lib/ambari-server/keys/db/serial to contain the following line a. 00 6) Restart Ambari server Once this is done, I believe that you will need to remove the keys from /var/lib/ambari-agent/keys and restart the Ambari agent on each host. Rob On 3/20/17, 9:35 PM, "Tuong Truong" <[email protected]> wrote: Hi Ambari Dev, Is there a way to get Ambari server to regenerate the default ca.* files in /var/lib/ambari-server/keys? In Ambari 2.1, the md5 is used by default and we would like to change ca.config to use a more secure algorithm, and regen the default ca.* files. Respectfully, Tuong
