Generating Certificates After Initial Installation

Describes how to generate a ssl_keystore file during or after initial installation.

When you run the script at initial installation, but do not specify the -genkeys option, the script generates a ssl_keystore file for use by the web server for the MapR Control system. When the script is run with the -genkeys option after initial installation, the system detects the existing ssl_keystore file and exits with an error to prevent inadvertent deletion or reuse of the ssl_keystore file. The error message will look similar to the following example:

-secure -genkeys -C $CLDB_GRP -Z $ZK_GRP -RM $RM -HS
<hostname1>: Configuring Hadoop-2.x at
<hostname1>: Done configuring Hadoop
<hostname1>: CLDB node list:

<hostname1>: Zookeeper node
list: <hostname1>:5181,<hostname2>:5181,<hostname3>:5181

<hostname1>: Node setup configuration: cldb fileserver
historyserver nfs nodemanager resourcemanager webserver
<hostname1>: Log can be found at:
<hostname1>: /opt/mapr/conf/ssl_keystore already exists
<hostname1>: ERROR: could not generate ssl keys. See log file
for more details
clush: <hostname1>: exited with exit code 1

On clusters without security features enabled, the contents of the ssl_keystore file are unique to each node. In this case, manually delete the ssl_keystore file on each node, then run the command -genkeys.

On clusters where you have customized the contents of the ssl_keystore file, run the command -genkeys -nocerts to preserve your customizations.

For general information on security tickets and certificates, see Tickets and Certificates.