Environment
- Yugabyte Platform - 2.4.8, 2.6.7
Issue
After uploading a new root certificate under Configs => Security => Encryption In Transit => Add Certificate => Self Signed, applying this certificate to an existing Yugabyte universe fails.
An error similar to the following appears in the platform application log:
FileNotFoundError: [Errno 2] No such file or directory: '/opt/yugabyte/yugaware/data/certs/.../.../yugabytedb.crt'
Note: The TLS certificate rotation feature was backported to the 2.4 series in version 2.4.8 and to the 2.6 series in version 2.6.7. This feature is unavailable in earlier releases.
Resolution
Overview
In platform versions 2.4.8 and 2.6.7, the client certificate yugabytedb.crt is only created when certificates are generated at universe creation time. This leads to a file not found error when trying to apply a certificate created through the security configuration page to an existing universe.
This issue will be resolved in platform versions 2.4.9 and 2.6.8. This issue does not affect platform versions 2.8.0 or newer.
As a workaround in versions 2.4.8 and 2.6.7, create a new universe with in-flight TLS encryption enabled, apply the generated certificate to the existing universe, then delete the new universe.
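A pre-flight check for the missing file described above, run on the platform host before applying a certificate to a universe. This is an added example, not Yugabyte code: the function names are hypothetical, the root path is taken from the error message, and it assumes each certificate directory stores its files with a .crt extension.

```shell
#!/bin/sh
# Added example, not Yugabyte code. Assumes each certificate directory under
# the certs root stores its files with a .crt extension.

# Default root taken from the path in the error message above.
CERTS_ROOT="${CERTS_ROOT:-/opt/yugabyte/yugaware/data/certs}"

# Print every directory under $1 that holds .crt files but has no
# non-empty yugabytedb.crt (the file the failing task tries to open).
find_missing_client_cert() {
    find "$1" -type f -name '*.crt' -exec dirname {} \; | sort -u |
    while IFS= read -r dir; do
        [ -s "$dir/yugabytedb.crt" ] || printf '%s\n' "$dir"
    done
}

# Return 0 when every certificate directory has a client certificate,
# 1 when at least one does not, 2 when the root itself is missing.
preflight_cert_rotation() {
    root="${1:-$CERTS_ROOT}"
    if [ ! -d "$root" ]; then
        echo "certs root not found: $root" >&2
        return 2
    fi
    missing=$(find_missing_client_cert "$root")
    if [ -n "$missing" ]; then
        echo "yugabytedb.crt missing or empty in:" >&2
        printf '%s\n' "$missing" >&2
        return 1
    fi
    return 0
}
```

Source the file and call `preflight_cert_rotation`. Any directory it lists belongs to a certificate that lacks the client certificate file named in the error.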