Use keytool to access the JKS file get SSL certificate

In the test environment ,Hive DB Set up in Ambari In a unified management environment ,Knox Provide gateway function .

One day ,Knox Service startup failed , see log An error is as follows ：

2022-06-08 20:40:07,992 INFO  knox.gateway (JettySSLService.java:logAndValidateCertificate(112)) - The Gateway SSL certificate is issued to hostname: server.test.com.
2022-06-08 20:40:07,993 INFO  knox.gateway (JettySSLService.java:logAndValidateCertificate(115)) - The Gateway SSL certificate is valid between: 6/4/21 8:53 AM and 6/4/22 8:53 AM.
2022-06-08 20:40:07,998 FATAL knox.gateway (GatewayServer.java:main(175)) - Failed to start gateway: org.apache.knox.gateway.services.ServiceLifecycleException: Gateway SSL Certificate is Expired. Server will not start.

SSL certificate Out of date , This problem Google A solution can be found at once . Refer to this article for details IBM technote.

[[email protected] ~]# ll /var/lib/knox/data*/security/keystores/gateway.jks
-rw-r--r-- 1 knox knox 1379 Jun  4  2021 /var/lib/knox/data-3.1.5.0-152/security/keystores/gateway.jks
[[email protected] ~]# mv /var/lib/knox/data*/security/keystores/gateway.jks /tmp/gateway.jks

And then restart Knox Services and Knox Inside LDAP The service automatically generates new certificate 了 ,Knox Successful startup .

however , When client Connect the end Hive DB Words , Need to use new SSL certificate. Here you can use the following command to start from gateway.jks File read SSL certificate.

keytool -list -rfc  -keystore gateway.jks