Renewing certificates on VMware

Replacing passwords, keys, and certificates and then restarting the subsystems requires some differences in the procedures and commands on VMware in your API Connect deployment..

Attention:

The instructions in this section apply only to the Management, Portal, and Analytics subsystems. For Gateway appliance-specific instructions, see Configuring the API Connect Gateway Service in the DataPower Gateway documentation.

Using SSH to connect to the server so you can run Kubernetes commands

If the instructions in a referenced topic require you to run kubetcl commands directly on servers, you must first log in to the virtual machine (appliance) as follows:

Run the following command to connect as the API Connect administrator, replacing ip_address with the appropriate IP address:
```
ssh ip_address -l apicadm
```
When prompted, select Yes to continue connecting.
When you are connected, run the following command to receive the necessary permissions for working directly on the appliance:
```
sudo -i
```

Then, you can follow the instructions in each topic and run kubetcl commands as needed.

Determining which certificates are due for renewal

To determine which certificates are due to expire and must be renewed, SSH into the server as explained in the previous section. Then, run the following command and check the EXPIRATION column in the results:

kubectl get certificate