30.2 Renewing Certificates After Expiration

You can renew both internal and external certificates after expiration.

To renew certificates after expiration:

  1. Log in to the master node.

  2. Change to the following directory:

    cd <K8S_HOME>

    By default, K8S_HOME is /opt/arcsight/kubernetes.

  3. (Conditional) For internal certificates:

    1. Run the following command to generate new client.crt, client.key and server.crt certificates:

      ./scripts/renewCert --renew -V 375 -t internal

    2. (Conditional) If you have multiple master nodes, run the following command on all master nodes:

      ./scripts/renewCert --renew -t internal

  4. (Conditional) For external certificates:

    • To generate new external self-signed certificates:

      ./scripts/renewCert --renew -t external

    • To generate the external custom self-signed certificates:

      ./scripts/renewCert --renew -t external --tls-cert /<cert file directory>/<cert file> --tls-key <private key directory>/<private key> [--tls-cacert <CA cert directory>/<CA cert file>]
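
A pre-flight check for the custom certificate files named in the last command, run before they are passed to --tls-cert, --tls-key and --tls-cacert. This is an added example, not part of the product's scripts; the function names, the 30-day default threshold and the demo.example sample pair are assumptions, and it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not shipped with the product): sanity checks for the files
# given to renewCert via --tls-cert / --tls-key / --tls-cacert.

# Succeeds if the certificate ($1) is still valid $2 days from now (default 30).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Succeeds if the private key ($2) has the same public key as the certificate ($1).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate ($1) verifies against the CA file ($2).
cert_chains_to() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Runs all checks in order. Returns 1 (key mismatch), 2 (expiring soon),
# 3 (chain failure) or 0 (all checks passed).
# Usage: precheck_tls <cert> <key> [<CA cert>] [<min days>]
precheck_tls() {
    p_cert=$1; p_key=$2; p_ca=${3:-}; p_days=${4:-30}
    cert_matches_key "$p_cert" "$p_key" ||
        { echo "FAIL: private key does not match certificate"; return 1; }
    cert_valid_for "$p_cert" "$p_days" ||
        { echo "FAIL: certificate expires within $p_days days"; return 2; }
    if [ -n "$p_ca" ]; then
        cert_chains_to "$p_cert" "$p_ca" ||
            { echo "FAIL: certificate does not chain to the CA file"; return 3; }
    fi
    echo "OK: $(openssl x509 -in "$p_cert" -noout -subject -enddate | tr '\n' ' ')"
}

# Constructed sample input: throwaway self-signed pair <prefix>.crt/.key,
# valid for $2 days. Only for trying the checks above, never for deployment.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
        -days "$2" -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}
```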