VMware: Renewing external certificates with
On VMware OVA/Appliance, the external public-facing and the cross-subsystem certificates
are managed with the
About this task
When API Connect is
deployed on VMware, the public-facing external certificates, as well as some internal
cross-subsystem certificates, are managed with
apicup but are stored as Kubernetes
secrets. Complete the following steps to renew certificates that are managed with
apicup and restart the affected pods.
Renew the certificates as explained in Replacing custom certificates.
For information on setting up new certificates, see Setting custom certificates.
Use Tables 1 and 2 to determine which certificates to renew and which pods to restart:
Table 1 presents a list of secrets for external (ingress/front-end certificates) with the corresponding pod that must be restarted when the secret changes.
Table 1. External (ingress/front-end) secrets and affected pods Secret Pods
Table 2 presents a list of secrets for internal (cross-subsystem) certificates with the corresponding pod that must be restarted when the secret changes.
Table 2. Internal (subsystem) secrets and affected pods Secret Pods
portal-www(via webhook, no restart needed)
gateway(via webhook, no restart needed)
management-remote-sitename-postgres(on passive site in 2DC-HA config)
Restart the pods listed in the corresponding row for each certificate that you renewed.
For instructions for restarting pods, see the following topics: