Security Certificate Expiry Alarm
Describes the NODE_ALARM_CERTIFICATE_NEAR_EXPIRATION alarm.
- UI Column
- SSL Certificate Expiry
- Logged As
-
NODE_ALARM_CERTIFICATE_NEAR_EXPIRATION
- Meaning
-
SSL certificates are expiring within the number of days denoted by the CLDB setting
cldb.ssl.cert.expiring.alarm.days
. See cldb.conf for more information. - Resolution
- Renew the SSL certificates. See Importing a Certificate Authority Signed (CA Signed) SSL Certificate Into a MapR Cluster for more information.
- Configuration
- None.
- Specification
- This alarm is raised when any of the first ten security certificates in
/opt/mapr/conf/ssl_keystore
or in/opt/mapr/conf/ssl_truststore
are set to expire within the number of days denoted by the CLDB settingcldb.ssl.cert.expiring.alarm.days
. Once the alarm is raised, the administrator needs to find out the certificates that are expiring, and renew them.To find out the certificates that are expiring, use the
/opt/mapr/server/getSSLExpiryCerts.py
Python script. For example:python /opt/mapr/server/getSSLExpiryCerts.py -print Below certificates expiring in the next 120 days Truststore: Alias: 100day valid until: Mon Jul 13 04:04:15 PDT 2020 Alias: 65day valid until: Mon Jun 08 03:45:44 PDT 2020 Alias: 70day valid until: Sat Jun 13 03:46:00 PDT 2020 Alias: 80day valid until: Tue Jun 23 03:46:14 PDT 2020 Alias: 90day valid until: Fri Jul 03 04:03:57 PDT 2020 Keystore: Alias: 3daymay17 valid until: Thu May 21 04:20:26 PDT 2020