Updating a Custom Certificate

Use the following steps to rollout an existing custom certificate before expiration for TIBCO Control Plane.

    Procedure
  1. Update the secret configured in data plane to also contain the new TIBCO Control Plane certificate.
  2. Configure the Ingress Controller or Load Balancer for TIBCO Control Plane with the updated private key and certificate. For more information, see Step 5 in Using Custom Certificate.
  3. Restart tibtunnel, cp-proxy, and OAuth2 proxy deployments, which can be done by using the following three commands:

    ## For Tibtunnel
    kubectl rollout restart -n <namespace> deployment/tp-tibtunnel
    --------
    ## For cp-proxy
    kubectl rollout restart -n <namespace> deployment/tp-cp-proxy
    --------
    ##for OAuth2 proxy
    kubectl rollout restart -n <namespace> deployment/oauth2-proxy
  4. Switch to using a new private key and corresponding certificate.

  5. Remove the expired certificate by modifying steps 1 and 2 as needed once everything is tested.