You can renew both internal and external certificates after expiration.
To renew certificates after expiration:
Log in to the master node.
Change to the following directory:
By default, K8S_HOME is /opt/arcsight/kubernetes.
(Conditional) For internal certificate:
Run the following command to generate new client.crt, client.key and server.crt certificates:
./scripts/renewCert --renew -V 375 -t internal
(Conditional) If you have multiple master nodes, run the following on all the master node:
./scripts/renewCert --renew -t internal
(Conditional) For external certificate:
To generate new external self-signed certificates:
./scripts/renewCert --renew -t external
To generate the external custom self-signed certificates:
./scripts/renewCert --renew -t external --tls-cert /<cert file directory>/<cert file> --tls-key <private key directory>/<private key> [--tls-cacert <CA cert directory>/<CA cert file>]