When you use a certificate authority (CA) certificate or an intermediate CA certificate, the certificate eventually expires, which causes certificate-related errors.
CloudBees CD uses a self-signed certificate by default. This section describes how to update a CA or intermediate CA certificate if you have used one to replace the self-signed certificate. If you are using the self-signed certificate instead and it has expired, see CloudBees CD Self-Signed Server Certificate Fails Security Scan for details about updating it.
CloudBees CD certificates use Jetty. Follow these steps to update the existing certificate in the keystore and then publish it to ZooKeeper:
Shut down all nodes on the CloudBees CD cluster except for one node.
Go to the CloudBees CD <install_dir> directory on the node.
Delete the existing certificate from the keystore by entering:
jre/bin/keytool -delete -alias jetty -keystore keystore -keypass passkey
Generate a new key pair.
Specify a validity (in days) and a key size of either 1024 or 2048 by entering:
jre/bin/keytool -keystore keystore -alias jetty -genkey -keyalg RSA -sigalg MD5withRSA -validity 3650 -keysize 2048
Generate a certificate signing request (CSR) from the keystore by entering:
jre/bin/keytool -certreq -alias jetty -keystore keystore -file certreq.csr
Sign the CSR using your CA.
Import the signed certificate into the keystore by entering:
jre/bin/keytool -importcert -file <certificate> -keystore keystore -alias jetty
If CloudBees CD is clustered, publish the keystore to ZooKeeper.
Go to the <install_dir>/conf directory and use the steps in Uploading Configuration Files to ZooKeeper. For example, enter the following command.
COMMANDER_ZK_CONNECTION=<zookeeper_server_ip>
"C:\Program Files\Electric Cloud\ElectricCommander\jre\bin\java.exe" -DCOMMANDER_ZK_CONNECTION=<zookeeper_server_ip>
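A check to run after the import step and before publishing the keystore, as an added example that is not part of the CloudBees documentation: it parses `keytool -list -v` output and reports each entry's expiry date, along with MD5- or SHA-1-based signature algorithms and RSA keys under 2048 bits, which are widely treated as weak. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `keytool -list -v` output for expiry and weak crypto.
# Real use (keytool prompts for the keystore password):
#   jre/bin/keytool -list -v -keystore keystore | audit_keystore_listing

# Hypothetical helper. Reads a verbose keytool listing on stdin, prints one
# line per expiry date and per finding, and returns 1 if any finding was made.
audit_keystore_listing() {
    awk '
        /^Alias name:/ { alias = $3 }
        /^Valid from:/ {
            sub(/.*until: /, "")
            print alias ": expires " $0
        }
        /Signature algorithm name:/ {
            # MD2, MD5 and SHA-1 based signatures are treated as weak here.
            if ($4 ~ /^(MD2|MD5|SHA1)with/) {
                print alias ": weak signature algorithm " $4
                bad = 1
            }
        }
        /Subject Public Key Algorithm:/ {
            bits = $5
            sub(/-bit$/, "", bits)
            if ($6 == "RSA" && bits + 0 < 2048) {
                print alias ": weak RSA key size " bits " bits"
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample listing (not real keytool output from any system).
sample_listing() {
    cat <<'EOF'
Alias name: jetty
Entry type: PrivateKeyEntry
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Thu Dec 29 00:00:00 UTC 2033
Signature algorithm name: MD5withRSA
Subject Public Key Algorithm: 1024-bit RSA key
Alias name: jetty-reissued
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Thu Dec 29 00:00:00 UTC 2033
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

sample_listing | audit_keystore_listing || echo "findings reported above"
```

A non-zero return from the function can gate the ZooKeeper upload in a wrapper script, so a weak or soon-to-expire entry is caught on the one running node before it is distributed to the cluster.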