Renewing certificates in a two data center deployment on VMware

How to renew the Portal encryption secret in an API Connect two data center disaster recovery deployment.

About this task

Complete the following steps to renew the Portal encryption secret in a two data center disaster recovery deployment on VMware.

Procedure

Complete the following steps in the sequence shown. In this example, DC1 is the active data center and DC2 is the passive data center. Following the sequence ensures that, while you update DC2, you do not overwrite information that was copied from DC1.

  1. Run a health check on DC1 to ensure the deployment is in a good state. For example:
    apicup subsys health-check dc1-portal
  2. Run a health check on DC2 to ensure the deployment is in a good state. For example:
    apicup subsys health-check dc2-portal
  3. List the certificates on DC1:
    apicup certs list dc1-portal
  4. List the certificates on DC2:
    apicup certs list dc2-portal
  5. Clear the certificates on DC1:
    apicup certs set dc1-portal encryption-secret --clear
  6. Clear the certificates on DC2:
    apicup certs set dc2-portal encryption-secret --clear
  7. Generate new certificates on DC1:
    apicup certs generate dc1-portal
  8. Copy the new certificates on DC1:
    apicup certs get dc1-portal encryption-secret -t key > new_port-encryption-secret
  9. Set the new certificates from DC1 onto DC2:
    apicup certs set dc2-portal encryption-secret new_port-encryption-secret
  10. Install the certificates on both the active and passive data centers at the same time:
    apicup subsys install dc1-portal
    apicup subsys install dc2-portal
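
The steps above as one shell function, as an added example that is not part of the original procedure or an IBM-supplied script. It uses only the `apicup` commands shown on this page; the function names, the scratch-directory file names, and the read-back comparison before install are assumptions added here.

```shell
#!/bin/sh
# Added example, not IBM's script. Subsystem names are passed as arguments;
# the file names inside the scratch directory are constructed for illustration.

_renew_steps() {
    active=$1; passive=$2; dir=$3
    # Steps 5-6: clear the old secret on both data centers.
    apicup certs set "$active" encryption-secret --clear || return 1
    apicup certs set "$passive" encryption-secret --clear || return 1
    # Step 7: generate on the active data center only.
    apicup certs generate "$active" || return 1
    # Step 8: export the new key; refuse to continue with an empty export.
    apicup certs get "$active" encryption-secret -t key > "$dir/active.key" || return 1
    [ -s "$dir/active.key" ] || { echo "empty key export from $active" >&2; return 1; }
    # Step 9: load the active key onto the passive data center.
    apicup certs set "$passive" encryption-secret "$dir/active.key" || return 1
    # Added check (assumption): read the key back from the passive side and compare.
    apicup certs get "$passive" encryption-secret -t key > "$dir/passive.key" || return 1
    cmp -s "$dir/active.key" "$dir/passive.key" || {
        echo "encryption-secret differs between $active and $passive; not installing" >&2
        return 1
    }
    # Step 10: install on both, back to back, as the procedure lists them.
    apicup subsys install "$active" || return 1
    apicup subsys install "$passive" || return 1
}

renew_portal_secret() {
    active=$1; passive=$2
    # Steps 1-4: health-check and list both sides before changing anything.
    apicup subsys health-check "$active" || return 1
    apicup subsys health-check "$passive" || return 1
    apicup certs list "$active" || return 1
    apicup certs list "$passive" || return 1
    # mktemp -d creates a mode-0700 directory, so the exported key is owner-only.
    workdir=$(mktemp -d) || return 1
    rc=0
    _renew_steps "$active" "$passive" "$workdir" || rc=$?
    rm -rf "$workdir"   # remove the exported key material on success or failure
    return "$rc"
}

# Usage: renew_portal_secret dc1-portal dc2-portal
```

Unlike step 8 as written, this does not leave the exported key file (`new_port-encryption-secret` in the procedure) in the working directory after the run.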