Updating a Custom Certificate

Use the following steps to rotate an existing custom certificate before expiration for TIBCO Control Plane.

Procedure
  1. Update the secret configured in the data plane so that it also contains the new TIBCO Control Plane certificate.
  2. Configure the Ingress Controller or Load Balancer for TIBCO Control Plane with the updated private key and certificate. For more information, see Step 5 in Using Custom Certificate.
  3. Restart the tibtunnel, cp-proxy, and OAuth2 proxy deployments. Also restart the ingress-controller deployment or pod resources under the ingress-system namespace for NGINX, Kong, or Traefik ingress controllers.

    # For tibtunnel
    kubectl rollout restart -n <namespace> deployment/tp-tibtunnel

    # For cp-proxy
    kubectl rollout restart -n <namespace> deployment/tp-cp-proxy

    # For OAuth2 proxy
    kubectl rollout restart -n <namespace> deployment/oauth2-proxy

    # For the Ingress Controller
    kubectl rollout restart deployment <ingress-controller-deployment-name> -n ingress-system
  4. Switch to using a new private key and corresponding certificate.

  5. After everything is tested, remove the expired certificate by modifying steps 1 and 2 as needed.
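
The script below is an added example, not part of the TIBCO documentation: a fingerprint check to run before switching certificates in step 4 and before removing the old one in step 5. File names, state labels, and the PEM bodies are constructed placeholders; it assumes the data plane secret and the certificate presented by the ingress have already been exported to PEM files, and that the new and served files hold only the leaf certificate.

```shell
# Added example (not TIBCO code). Needs coreutils base64 and sha256sum.

# Print the SHA-256 fingerprint (hash of DER bytes) of each cert in PEM file $1.
pem_fingerprints() {
  tr -d '\r' < "$1" | {
    fp_in=0; fp_body=""
    while IFS= read -r fp_line || [ -n "$fp_line" ]; do
      case "$fp_line" in
        "-----BEGIN CERTIFICATE-----") fp_in=1; fp_body="" ;;
        "-----END CERTIFICATE-----")
          if [ "$fp_in" -eq 1 ]; then
            printf '%s' "$fp_body" | base64 -d | sha256sum | cut -d' ' -f1
          fi
          fp_in=0 ;;
        *) if [ "$fp_in" -eq 1 ]; then fp_body="$fp_body$fp_line"; fi ;;
      esac
    done
  }
}

# Succeed only if every certificate in $2 also appears in bundle $1.
bundle_contains() {
  bc_have=$(pem_fingerprints "$1"); bc_want=$(pem_fingerprints "$2")
  [ -n "$bc_want" ] || return 2          # $2 holds no certificate
  for bc_fp in $bc_want; do
    printf '%s\n' "$bc_have" | grep -qx "$bc_fp" || return 1
  done
  return 0
}

# $1 = data plane secret bundle, $2 = new cert, $3 = cert the ingress serves.
rotation_state() {
  if ! bundle_contains "$1" "$2"; then echo "step1-incomplete"      # secret lacks new cert
  elif ! bundle_contains "$3" "$2"; then echo "ingress-serves-old"  # steps 2-4 not in effect
  else echo "ready-for-step5"; fi                                   # old cert can be removed
}

# Constructed sample: placeholder base64 bodies, not real certificates.
make_pem() {
  printf '%s\n' "-----BEGIN CERTIFICATE-----" "$1" "-----END CERTIFICATE-----"
}
demo() {
  d=$(mktemp -d)
  make_pem T0xEIENFUlQ= > "$d/old.pem"; make_pem TkVXIENFUlQ= > "$d/new.pem"
  cat "$d/old.pem" "$d/new.pem" > "$d/bundle.pem"
  rotation_state "$d/bundle.pem" "$d/new.pem" "$d/old.pem"
  rm -rf "$d"
}
demo   # prints: ingress-serves-old
```

Call `rotation_state` with the three exported PEM files after the restarts in step 3 have completed; only a result of `ready-for-step5` indicates that the old certificate is no longer in use.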