Summary
If you’re setting up a server instance and don’t have or can’t use the original files in the conf/security directory, these are the commands you can run to generate a new set of certificates and other files.
Solution
If you think you might be missing any other key directories or files, the simplest solution is to re-install the CloudBees CD (CloudBees Flow) server and re-connect to your original database. If you only need to reconstruct the conf/security directory, follow these steps.
-
Back up the current keystore in your conf directory.
-
Copy openssl.cnf from another installation - this is a configurations file for OpenSSL to generate the key. Open the file and check that dir is pointed to the appropriate directory for your installation.
-
Run "eccert initCA" to generate a new set of serverCA key and certificate.
-
Run "eccert initServer --force" to sign this new certificate and generate a new keystore.
Since this generates a new set of certificate and keystore, you will need to re-configure any trusted agents to use this new set. The steps to do so, as well as additional details on the eccert command, is in our full documentation.