Description
When a certificate authority (CA) certificate or an intermediate CA certificate is in use and it expires, certificate-related errors occur.
CloudBees CD/RO uses a self-signed certificate by default. This section describes how to update a CA or intermediate CA certificate if you have used one to replace the self-signed certificate. If you are using the self-signed certificate instead and it has expired, see CloudBees CD/RO Self-Signed Server Certificate Fails Security Scan for details about updating it.
Workaround:
CloudBees CD/RO certificates use Jetty. Follow these steps to update the existing certificate in the keystore and then publish it to ZooKeeper:
- Shut down all nodes on the CloudBees CD/RO cluster except for one node.
- Go to the CloudBees CD/RO <install_dir> directory on the node.
- Delete the existing certificate from the keystore by entering:
  jre/bin/keytool -delete -alias jetty -keystore keystore -keypass passkey
- Generate a new key pair. Specify a validity (in days) and a key size of either 1024 or 2048 by entering:
  jre/bin/keytool -keystore keystore -alias jetty -genkey -keyalg RSA -sigalg MD5withRSA -validity 3650 -keysize 2048
- Generate a certificate signing request (CSR) from the keystore by entering:
  jre/bin/keytool -certreq -alias jetty -keystore keystore -file certreq.csr
- Sign the CSR using your CA.
- Import the signed certificate into the keystore by entering:
  jre/bin/keytool -importcert -file <certificate> -keystore keystore -alias jetty
- If CloudBees CD/RO is clustered, publish the keystore to ZooKeeper. Go to the <install_dir>/conf directory and use the steps in Uploading Configuration Files to ZooKeeper. For example, enter the following command:
  - Linux:
    COMMANDER_ZK_CONNECTION=<ZooKeeper_Server_IP>:2181 ../jre/bin/java -jar ../server/bin/zk-config-tool-jar-with-dependencies.jar com.electriccloud.commander.cluster.ZKConfigTool --keystoreFile keystore
  - Windows:
    "C:\Program Files\CloudBees\Software Delivery Automation\jre\bin\java.exe" -DCOMMANDER_ZK_CONNECTION=<ZooKeeper_Server_IP>:2181 -jar "C:\Program Files\CloudBees\Software Delivery Automation\server\bin\zk-config-tool-jar-with-dependencies.jar" com.electriccloud.commander.cluster.ZKConfigTool --databasePropertiesFile database.properties --keystoreFile keystore
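A check to run between the import step and the ZooKeeper publish step, added here as an example and not taken from the CloudBees documentation: it parses `keytool -list -v` output for the `jetty` alias and flags an entry that is still self-signed (the CA reply was never imported), is signed with MD2, MD5 or SHA-1, or has an RSA key under 2048 bits. The function name, the sample outputs with their host and CA names, and the 2048-bit floor are assumptions of this example.

```shell
#!/bin/sh
# Added example. Reads `keytool -list -v -alias jetty -keystore keystore`
# output on stdin, prints findings for the leaf certificate, and returns 1
# if any finding is a problem.
check_jetty_entry() {
    awk '
        /^Certificate\[2\]:/             { exit }  # only inspect the leaf
        /^Owner: /                       { owner  = substr($0, 8) }
        /^Issuer: /                      { issuer = substr($0, 9) }
        /^Valid from: /                  { sub(/^.* until: /, ""); notafter = $0 }
        /^Signature algorithm name: /    { sig = substr($0, 27) }
        /^Subject Public Key Algorithm:/ { bits = $5; sub(/-bit$/, "", bits) }
        END {
            print "EXPIRES: " notafter
            if (owner == issuer)             { print "SELF-SIGNED: CA reply not imported"; bad = 1 }
            if (sig ~ /^(MD2|MD5|SHA1)with/) { print "WEAK-SIG: " sig; bad = 1 }
            if (bits + 0 < 2048)             { print "WEAK-KEY: " bits " bits"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: a placeholder certificate as left by the -genkey step
# before any CA-signed certificate is imported (all values made up).
SAMPLE_PLACEHOLDER='Certificate chain length: 1
Certificate[1]:
Owner: CN=cdro.example.test, O=Example
Issuer: CN=cdro.example.test, O=Example
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Thu Dec 29 00:00:00 UTC 2033
Signature algorithm name: MD5withRSA
Subject Public Key Algorithm: 1024-bit RSA key'

# Constructed sample: the same alias after importing a CA-signed certificate.
SAMPLE_SIGNED='Certificate chain length: 2
Certificate[1]:
Owner: CN=cdro.example.test, O=Example
Issuer: CN=Example Issuing CA, O=Example
Valid from: Thu Feb 01 00:00:00 UTC 2024 until: Sat Feb 01 00:00:00 UTC 2025
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Issuing CA, O=Example'

printf '%s\n' "$SAMPLE_PLACEHOLDER" | check_jetty_entry \
    || echo "Fix the findings before publishing the keystore."
```

Against the real keystore, run `jre/bin/keytool -list -v -alias jetty -keystore keystore | check_jetty_entry` from `<install_dir>`, and compare the `EXPIRES` line with the validity your CA was expected to issue.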