Security Certificate Expiry Alarm

Describes the NODE_ALARM_CERTIFICATE_NEAR_EXPIRATION alarm.

UI Column
SSL Certificate Expiry
Logged As

NODE_ALARM_CERTIFICATE_NEAR_EXPIRATION

Meaning

SSL certificates are expiring within the number of days denoted by the CLDB setting cldb.ssl.cert.expiring.alarm.days. See cldb.conf for more information.

Resolution
Renew the SSL certificates. See Importing a Certificate Authority Signed (CA Signed) SSL Certificate Into a MapR Cluster for more information.
Configuration
None.
Specification
This alarm is raised when any of the first ten security certificates in /opt/mapr/conf/ssl_keystore or in /opt/mapr/conf/ssl_truststore are set to expire within the number of days denoted by the CLDB setting cldb.ssl.cert.expiring.alarm.days. Once the alarm is raised, the administrator needs to find out the certificates that are expiring, and renew them.

To find out the certificates that are expiring, use the /opt/mapr/server/getSSLExpiryCerts.py Python script. For example:

python /opt/mapr/server/getSSLExpiryCerts.py -print
            Below certificates expiring in the next 120 days
            Truststore:
            Alias: 100day valid until: Mon Jul 13 04:04:15 PDT 2020
            Alias: 65day valid until: Mon Jun 08 03:45:44 PDT 2020
            Alias: 70day valid until: Sat Jun 13 03:46:00 PDT 2020
            Alias: 80day valid until: Tue Jun 23 03:46:14 PDT 2020
            Alias: 90day valid until: Fri Jul 03 04:03:57 PDT 2020
            Keystore:
            Alias: 3daymay17 valid until: Thu May 21 04:20:26 PDT 2020