Manually renewing public certificates for Data Lake and Cloudera Data Hub clusters

Public certificates are responsible for enabling TLS in front of Knox and other available services on port 443 of Data Lake and Cloudera Data Hub clusters. Public certificates expire every 90 days and are often automatically renewed by Cloudera. If automatic renewal fails, you can renew these certificates manually.

Required role (Data Lakes): EnvironmentAdmin or Owner of the environment

Required role (Cloudera Data Hub): DatahubAdmin, Owner of the Data Hub, EnvironmentAdmin, or Owner of the environment

To renew a public certificate, click the Renew Public Certificate button on the details page of a chosen Data Lake:

Or from the Actions menu of a Cloudera Data Hub cluster details page:

Triggering the certificate renewal may cause a minor cluster downtime of a few seconds. The entire renewal process takes a few minutes.

If you prefer to renew the certificates using the CLI, use the following commands:

Data Lake public certificate renewal:

cdp datalake renew-public-certificate --datalake <Data Lake name or CRN>

Cloudera Data Hub public certificate renewal:

cdp datahub renew-public-certificate --datahub <Data Hub name or CRN>