Ambari Server 证书调试安装速记
### Prerequisite: the ambari-server package must be installed first.
dnf -y install ambari-server
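### Generate the CSR
install -d -m 0755 /etc/pki/tls/certs /etc/pki/tls/private
chmod 0700 /etc/pki/tls/private
# Keep the request config and CSR in a private temporary directory rather than
# under fixed names in /tmp: a predictable path there can be pre-created or
# symlinked by another local user while these commands run as root.
# ${workdir:?} makes each later use fail loudly if mktemp did not succeed.
workdir="$(mktemp -d)"
cat >"${workdir:?}/ambari-req.cnf" <<'EOF'
[ req ]
prompt = no
default_md = sha256
distinguished_name = dn
req_extensions = req_ext
[ dn ]
CN = dev1.test.com
O = TEST.COM
[ req_ext ]
subjectAltName = @alt
[ alt ]
DNS.1 = dev1.test.com
EOF
### Generate the private key and the CSR
# -nodes writes the key unencrypted (the server has to read it unattended), so
# file permissions are its only protection. The subshell confines umask 077 to
# this one command so the key is never created group- or world-readable.
(
  umask 077
  openssl req -new -nodes -newkey rsa:2048 \
    -keyout /etc/pki/tls/private/ambari-server.key \
    -out "${workdir:?}/ambari-server.csr" \
    -config "${workdir:?}/ambari-req.cnf"
)
### Have FreeIPA issue the certificate
# Requires a valid Kerberos ticket for an account that is allowed to request
# certificates for this service principal.
# The temporary files are removed only after a successful issuance, so a failed
# request can be retried with the same CSR.
ipa cert-request "${workdir:?}/ambari-server.csr" \
  --principal=HTTP/dev1.test.com@TEST.COM \
  --certificate-out=/etc/pki/tls/certs/ambari-server.crt &&
  rm -rf -- "${workdir:?}"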
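### Build the full chain (server certificate first, then the IPA CA)
# Check that the issued certificate really chains to the IPA CA before bundling
# it. Without this, a failed or stale issuance would silently produce a chain
# file that only breaks later, at keystore creation or at TLS handshake time.
openssl verify -CAfile /etc/ipa/ca.crt /etc/pki/tls/certs/ambari-server.crt &&
  cat /etc/pki/tls/certs/ambari-server.crt \
    /etc/ipa/ca.crt \
    > /etc/pki/tls/certs/ambari-server-fullchain.crt
ls -l /etc/pki/tls/certs/ambari-server-fullchain.crt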
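### Build keystore.p12
# openssl reads the export password directly from the password file (file:
# uses the first line of that file). Passing it as pass:... would place the
# secret on the command line, where any local user can read it from the
# process list, and it would also appear in `set -x` traces.
openssl pkcs12 -export \
  -in /etc/pki/tls/certs/ambari-server-fullchain.crt \
  -inkey /etc/pki/tls/private/ambari-server.key \
  -name ambari \
  -out /var/lib/ambari-server/keys/keystore.p12 \
  -passout file:/var/lib/ambari-server/keys/pass.txt
# The keystore contains the private key, so restrict it to its owner.
# If ambari-server runs under a non-root account, chown the file to that
# account as well, otherwise the server cannot open it.
chmod 0600 /var/lib/ambari-server/keys/keystore.p12
# The CA certificate is public material; world-readable is fine.
cp -f /etc/ipa/ca.crt /var/lib/ambari-server/keys/ca.crt
chmod 0644 /var/lib/ambari-server/keys/ca.crt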
### Restart the service
# Restarts ambari-server after the keystore and CA files have been written.
ambari-server restart