Rotating certificates

Last Updated : Sep 20, 2022 |

About this task

Use this procedure to rotate certificates managed by Certificate Manager.

For clusters using certificates generated by Certificate Manager, this task instructs Certificate Manager to regenerate those certificates and instructs the cluster to use these certificates.

For clusters using third-party certificates, this task instructs the cluster to use the third-party certificates that have been imported into Certificate Manager.

Before you begin

  • You must plan a maintenance window to perform this task.

  • If the cluster is to use third-party certificates, you must import the third-party certificates into Certificate Manager before performing this task.

Procedure

  1. Log in to Cluster Control Manager.
  2. Run the ccm rotate-cluster-certificates command.

    This command can take more than 60 minutes to complete.

  3. Wait approximately 30 minutes, then run ccm smoke-test on Cluster Control Manager and confirm that all tests pass. If ccm smoke-test fails, run it again in 10 minutes. If the test continuously fails for over an hour, contact your technical support representative.
Related information
Certificate management