Renewing TLS certificates

Renew TLS certificates in your API Connect deployment.

About this task

When you install API Connect, the deployment uses Kubernetes cert-manager to create issuers, CA certificates, server certificates, and client certificates. You can accept the certificates generated during deployment, or create custom certificates. For information on creating certificates for your deployment, see Certificates in a Kubernetes environment.

If you use Kubernetes cert-manager to generate and manage certificates (both default certificates and custom certificates), you can easily renew them with as explained in this section. If you used a different application to create certificates, you are responsible for renewing them manually. This section provides instructions for renewing certificates, as well as lists of the certificates to renew. The next section explains how to restart subsystems to apply the new certificates.

Note: The topics in this section use variables to represent the subsystem name in each certificate name, to indicate that the name is based on the name you provide in the Kubernetes Custom Resource (CR) for each subsystem instance. For example, the CA for the Management subsystem is referred to as management_CR-ca to indicate that the name depends on the value you provided in the management CR.