Updating a Custom Certificate
Use the following steps to rollout an existing custom certificate before expiration for TIBCO Control Plane.
- Procedure
- Update the secret configured in data plane to also contain the new TIBCO Control Plane certificate.
- Configure the Ingress Controller or Load Balancer for TIBCO Control Plane with the updated private key and certificate. For more information, see Step 5 in Using Custom Certificate.
-
Restart tibtunnel, cp-proxy, and OAuth2 proxy deployments, which can be done by using the following three commands:
## For Tibtunnel kubectl rollout restart -n <namespace> deployment/tp-tibtunnel -------- ## For cp-proxy kubectl rollout restart -n <namespace> deployment/tp-cp-proxy -------- ##for OAuth2 proxy kubectl rollout restart -n <namespace> deployment/oauth2-proxy
-
Switch to using a new private key and corresponding certificate.
-
Remove the expired certificate by modifying steps 1 and 2 as needed once everything is tested.