KBEC-00355 - Repopulating <EF_data>/conf/security directory


If you’re setting up a server instance and don’t have or can’t use the original files in the conf/security directory, these are the commands you can run to generate a new set of certificates and other files.


If you think you might be missing any other key directories or files, the simplest solution is to re-install the CloudBees CD (CloudBees Flow) server and re-connect to your original database. If you only need to reconstruct the conf/security directory, follow these steps.

  1. Back up the current keystore in your conf directory.
  2. Copy openssl.cnf from another installation - this is a configurations file for OpenSSL to generate the key. Open the file and check that dir is pointed to the appropriate directory for your installation.
  3. Run “eccert initCA” to generate a new set of serverCA key and certificate.
  4. Run “eccert initServer –force” to sign this new certificate and generate a new keystore.

Since this generates a new set of certificate and keystore, you will need to re-configure any trusted agents to use this new set. The steps to do so, as well as additional details on the eccert command, is in our full documentation.

Have more questions?


Please sign in to leave a comment.