The certs produced are valid for 3 years only, and I don't have ca.key to create new certs. This means I will have to start from the beginning, creating certs and placing them on all hosts, except I have some 50TB of data and I don't want the data to be lost.
Please help me out of this situation.
While creating new certs, I would also like to add new nodes to the cluster. Can I just add the new nodes' IPs and DNS names, generate certs, and add them the usual way, or is there another procedure to follow?
Important: Back up your data before changing settings. You may also want to test your procedure using empty clusters with the same setup, before you try it on your main setup.
In general, mixing certs from different CAs can be OK, if you ensure all of the CA certs are trusted.
For example, your web browser or OS may have ~100 certs in its truststore, all from public CAs. When you browse different websites, those server certs may be signed by different trusted CAs. As long as all of the CA certs that signed the different server certs are in your truststore, it works. For client certs, extra care may be needed.
Where to add multiple CA certs depends on which certs you are talking about. For example: