IBM Support

How to renew Knox Gateway SSL certificate after it expires

Troubleshooting


Problem

Knox server will not start/restart

Symptom

When restarting services via Ambari cosole the Knox server will not restart

Cause

Gateway SSL Certificate is Expired

Environment

Linux

Diagnosing The Problem

Check the log file

2016-07-18 16:23:16,229 INFO hadoop.gateway (JettySSLService.java:
logAndValidateCertificate(122)) - The Gateway SSL certificate is valid
between: 6/2/15 2:10 PM and 6/1/16 2:10 PM.
2016-07-18 16:23:16,233 FATAL hadoop.gateway (GatewayServer.java:main
(120)) - Failed to start gateway: org.apache.hadoop.gateway.services.
ServiceLifecycleException: Gateway SSL Certificate is Expired.

Resolving The Problem

1) on the knox gateway locate the gateway.jks file -- it is usually in the path
/var/lib/knox/data*/security/keystores/gateway.jks

2) move the original file gateway.jks to another directory as a backup copy
3) restart the knox server

[{"Product":{"code":"SSCRJT","label":"IBM Db2 Big SQL"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF016","label":"Linux"}],"Version":"4.1.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}},{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSZDBA","label":"Hortonworks Data Platform for IBM"},"ARM Category":[{"code":"a8m50000000L2OMAA0","label":"Management"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
07 December 2020

UID

swg21987527