Got it

How to change the certificate

Latest reply: Dec 23, 2021 09:22:59 2923 8 13 0 0

Hello, everyone!

The post will share with you how to change the certificate.

1. Prepare a password for accessing the key file, for example, userpwd@123. Use PuTTY to log in to any node in the cluster as user root.

2. Run the following command in the current directory to generate a certificate file and key file:

openssl req -new -x509 -keyout ca.key -passin pass:password -out ca.crt -passout pass:password -days 3650 -subj "/C=CN/ST=hw/L=hw/O=hw/OU=hw/CN=hw"

For example, openssl req -new -x509 -keyout ca.key -passin pass:userpwd@123 -out ca.crt -passout pass:userpwd@123 -days 3650 -subj "/C=CN/ST=hw/L=hw/O=hw/OU=hw/CN=hw"

3. Run the following command in the current directory to save the password for accessing the key file:

echo password=`/opt/huawei/Bigdata/nodeagent/tools/encrypt.sh --strSrc "password" --encType "AES256"`>password.property

For example, echo password=`/opt/huawei/Bigdata/nodeagent/tools/encrypt.sh --strSrc "userpwd@123" --encType "AES256"`>password.property

4. Compress the three files in the .tar format and save them to the local computer.

5. Log in to the FusionInsight Manager system, click System.

6. In the Perform certificate management area, click Certificate management to go to Certificate Management.

7. In the Select a certificate package area, click file selecting button. In the window for selecting files, select the obtained .tar certificate file packages and open them. The system automatically imports the certificate.

8. After the certificate is imported, click Yes to restart FusionInsight for the certificate to take effect.

9. In the displayed window, enter the password and click OK to automatically restart FusionInsight cluster and OMServer.

10. In the address box of your browser, enter the FusionInsight Manager network address to verify that the page can be opened successfully after FusionInsight Manager restarts.

That's all, thanks!

  • x
  • convention:

dagui
Created Dec 26, 2018 01:14:25

Compress the three files in the .tar format and save them to the local computer.Can you provide a more detailed explanation?
View more
  • x
  • convention:

JoneSnow
Created Dec 26, 2018 01:15:29

Need to restart FusionInsight cluster to take effect
View more
  • x
  • convention:

yiyi0519
Created Dec 26, 2018 01:15:34

Certificate authentication is widely used, and can be used in SSL VPN user access and IPSEC access authentication.
View more
  • x
  • convention:

YOO
Created Dec 26, 2018 01:17:53

we encounter many certificate case in the project,this is very helpful on How to change the cetificate,can you share more information?
View more
  • x
  • convention:

xiaomumu
Created Dec 26, 2018 01:34:54

Verify whether the page can be opened successfully after restart by FusionInsight Manager. Can you provide the screenshot of the interface after opening successfully?
View more
  • x
  • convention:

DZKM
Created Dec 26, 2018 01:46:43

For example, echo password=`/opt/huawei/Bigdata/nodeagent/tools/encrypt.sh --strSrc "userpwd@123" --encType "AES256"`>password.property





4.Compress the three files in the .tar format and save them to the local computer.

5.Log in to the FusionInsight Manager system, click System.

6.In the Perform certificate management area, click Certificate management to go to Certificate Management.

7.In the Select a certificate package area, click file selecting button. In the window for selecting files, select the obtained .tar certificate file packages and open them. The system automatically imports the certificate.



8.After the certificate is imported, click Yes to restart FusionInsight for the certificate to take effect.

9.In the displayed window, enter the password and click OK to automatically restart FusionInsight cluster and OMServer.

10.In the address box of your browser, enter the FusionInsight Manager network address to verify that the page can be opened successfully after FusionInsight Manager restarts.
View more
  • x
  • convention:

user_2915719
Created Dec 26, 2018 02:49:22

How do we normally spread the certificates to the other servers? By using FTP or something other network tool? If so, we must ensure the transferring is in a secured network.
View more
  • x
  • convention:

olive.zhao
Admin Created Dec 23, 2021 09:22:59

Thanks for your sharing!
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.