Renewing TLS certificates

Renew TLS certificates in your API Connect deployment.

A default API Connect deployment uses cert-manager to create issuers, CA certificates, server certificates, and client certificates. Cert-manager monitors all the certificates that it creates, and renews them before they expire.
Note: If you are not using cert-manager, or if you customized some or all or your API Connect certificates, then you are responsible for monitoring and renewing those certificates.
Certain API Connect configuration and maintenance operations can require that some or all TLS certificates that are used by API Connect are renewed before their expiry. The process of updating API Connect TLS certificates is called certificate renewal. The process to renew certificates involves the following steps:
  1. Manually deleting Kubernetes secrets that contain the TLS certificates that need renewal.
  2. Cert-manager detecting the deletion of these secrets, and automatically creating new secrets that contain newly generated x509 certificates.
Steps steps for identifying and renewing API Connect certificates are described in the following topics: