Manual Process of Changing the Security Policy and Token Files

Updating the security policy and token files when certificates are about to expire is a manual process. Ensure that you go through these steps when the security certificate in a policy or token file is about to expire.

1. Generate a new policy file using the same policy and domain names as the old policy file. Be sure to specify the validity_days option with the number of days you want the new certificate to be valid for.
2. Edit the settings of the new policy file (metaspace access list, etc.) to match the settings of the old policy file.
3. Generate a new token file based upon the new policy file. Review the settings in the new token file to make sure they match the settings in the old token file.
4. Shutdown the cluster and all of its clients.
5. Restart the security domain controller(s) using the new policy file.
6. Restart the rest of the cluster using the new token file.

Copyright © Cloud Software Group, Inc. All rights reserved.