KBEC-00355 - Repopulating <EF_data>/conf/security directory

Article ID:360033189971
1 minute readKnowledge base

Summary

If you’re setting up a server instance and don’t have or can’t use the original files in the conf/security directory, these are the commands you can run to generate a new set of certificates and other files.

Solution

If you think you might be missing any other key directories or files, the simplest solution is to re-install the CloudBees CD (CloudBees Flow) server and re-connect to your original database. If you only need to reconstruct the conf/security directory, follow these steps.

  1. Back up the current keystore in your conf directory.

  2. Copy openssl.cnf from another installation - this is a configurations file for OpenSSL to generate the key. Open the file and check that dir is pointed to the appropriate directory for your installation.

  3. Run "eccert initCA" to generate a new set of serverCA key and certificate.

  4. Run "eccert initServer --force" to sign this new certificate and generate a new keystore.

Since this generates a new set of certificate and keystore, you will need to re-configure any trusted agents to use this new set. The steps to do so, as well as additional details on the eccert command, is in our full documentation.