Manually renewing public certificates for Data Lake and Data Hub clusters
Public certificates are responsible for enabling TLS in front of Knox and other available services on port 443 of Data Lake and Data Hub clusters. Public certificates expire every 90 days and are often automatically renewed by CDP. If automatic renewal fails, you can renew these certificates manually.
Required role (Data Lakes): EnvironmentAdmin or Owner of the environment
Required role (Data Hub): DatahubAdmin, Owner of the Data Hub, EnvironmentAdmin, or Owner of the environment
To renew a public certificate, click the Renew Public Certificate button on the details page of a chosen Data Lake:
Or from the Actions menu of a Data Hub cluster details page:
Triggering the certificate renewal may cause a minor cluster downtime of a few seconds. The entire renewal process takes a few minutes.
If you prefer to renew the certificates using the CLI, use the following commands:
Data Lake public certificate renewal:
cdp datalake renew-public-certificate --datalake <Data Lake name or CRN>
Data Hub public certificate renewal:
cdp datahub renew-public-certificate --datahub <Data Hub name or CRN>