IBM Support

IBM BigInsights: How to generate a self-signed certificate for Knox containing keys greater than 2048 bits and signed using a stronger hashing algorithm?

Question & Answer


Question

IBM BigInsights: How to generate a self-signed certificate for Knox containing keys greater than 2048 bits and signed using a stronger hashing algorithm?

Cause

The default keystore and self-signed certificate provided by Knox use a key size of 1024 bits and are signed using the SHA1 hashing algorithm, which is considered weak.

Answer

a) Create the self-signed certificate with the same alias and password (the Knox master secret) as the Knox default keystore, using 2048-bit keys and the SHA256 hashing algorithm. The following is an example output:

keytool -genkeypair -alias gateway-identity -keyalg RSA -keysize 2048 -keystore gateway.jks -validity 300 -sigalg SHA256withRSA
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: knoxserver1.ibm.com
What is the name of your organizational unit?
[Unknown]: BI
What is the name of your organization?
[Unknown]: IBM
What is the name of your City or Locality?
[Unknown]: San Jose
What is the name of your State or Province?
[Unknown]: CA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=knoxserver1.ibm.com, OU=BI, O=IBM, L=San Jose, ST=CA, C=US correct?
[no]: yes

Enter key password for <gateway-identity>
(RETURN if same as keystore password):

b) Take a backup of the existing gateway.jks, then overwrite the keystore at the Knox default keystore location with the generated one:

cp gateway.jks /var/lib/knox/data-4.2.0.0/security/keystores/gateway.jks

c) Restart Knox.

Verification
--
a) Access the NameNode UI using Quick Links from Ambari and verify the certificate details by clicking the lock icon in your browser's address bar.
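
A command-line complement to the browser check, as an added example that is not part of the original IBM document: the function reads `keytool -list -v` output and fails if the signature algorithm is SHA1/MD5/MD2-based or the key is under 2048 bits. It assumes a keytool version that prints the `Subject Public Key Algorithm` line; the function names, the `MIN_BITS` threshold and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `keytool -list -v` output for a weak key size or hash.
# Against the keystore from step a) (keytool prompts for the password):
#   keytool -list -v -keystore gateway.jks -alias gateway-identity | check_knox_cert

MIN_BITS=2048   # assumed minimum RSA key size, matching step a)

# Reads keytool text on stdin, prints one finding per line, and
# returns 0 only if both the signature algorithm and the key size pass.
check_knox_cert() {
    out=$(cat)
    sigalg=$(printf '%s\n' "$out" | sed -n 's/^ *Signature algorithm name: *//p' | head -n 1)
    bits=$(printf '%s\n' "$out" | sed -n 's/^ *Subject Public Key Algorithm: *\([0-9][0-9]*\)-bit.*/\1/p' | head -n 1)
    rc=0
    case "$sigalg" in
        "")              echo "FAIL: signature algorithm not found in input"; rc=1 ;;
        SHA1*|MD5*|MD2*) echo "FAIL: weak signature algorithm: $sigalg"; rc=1 ;;
        *)               echo "OK: signature algorithm: $sigalg" ;;
    esac
    if [ -z "$bits" ]; then
        # Some keytool versions do not print the key size; treat as unverified.
        echo "FAIL: key size not reported by this keytool output"; rc=1
    elif [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: $bits-bit key is below $MIN_BITS bits"; rc=1
    else
        echo "OK: $bits-bit key"
    fi
    return "$rc"
}

# Constructed sample outputs (not captured from a real keystore).
sample_weak() {
    cat <<'EOF'
Alias name: gateway-identity
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 1024-bit RSA key
EOF
}
sample_strong() {
    cat <<'EOF'
Alias name: gateway-identity
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

sample_strong | check_knox_cert
sample_weak | check_knox_cert || true
```

Run the check against the live keystore after step b) and before the restart in step c); a non-zero exit status means the keystore in place still carries the weak certificate.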


Document Information

Modified date:
18 July 2020

UID

swg22003238