Generating Certificates After Initial Installation

When you run the configure.sh script at initial installation, but do not specify the -genkeys option, the script generates a ssl_keystore file for use by the web server for the MapR Control System. When the configure.sh script is run with the -genkeys option after initial installation, the system detects the existing ssl_keystore file and exits with an error to prevent inadvertent deletion or reuse of the ssl_keystore file.

The error message will look similar to the following example:

/opt/mapr/server/configure.sh -secure -genkeys -C $CLDB_GRP -Z $ZK_GRP -RM $RM -HS $HISTORYSERVER 
<hostname1>: Configuring Hadoop-2.x at /opt/mapr/hadoop/hadoop-2.x 
<hostname1>: Done configuring Hadoop 
<hostname1>: CLDB node list: <hostname1>:7222,<hostname2>:7222,<hostname3>:7222 <hostname1>: 
Zookeeper node list: <hostname1>:5181,<hostname2>:5181,<hostname3>:5181 
<hostname1>: Node setup configuration: cldb fileserver historyserver nfs nodemanager resourcemanager webserver zookeeper 
<hostname1>: Log can be found at: /opt/mapr/logs/configure.log 
<hostname1>: /opt/mapr/conf/ssl_keystore already exists 
<hostname1>: ERROR: could not generate ssl keys. See log file for more details 
clush: <hostname1>: exited with exit code 1

On clusters without security features enabled, the contents of the ssl_keystore file are unique to each node. In this case, manually delete the ssl_keystore file on each node, then run the command configure.sh -genkeys.

On clusters where you have customized the contents of the ssl_keystore file, run the command configure.sh -genkeys -nocerts to preserve your customizations.

For general information on security tickets and certificates, see Tickets and Certificates.