Renewing end-entity certificates

Renew an API Connect end-entity certificate.

About this task

To renew an end-entity certificate, delete the secret that corresponds to the certificate. Cert-manager detects the deletion of the secret and re-creates it with a new X.509 certificate.

For more information about API Connect certificates, see API Connect TLS certificates.


  1. Get a list of all certificates in your API Connect namespace:
    kubectl -n <namespace> get certificates
    The output lists all certificates with their status, age, and the name of the corresponding secret. In this example, the certificate that is used by the API Manager UI is shown:
    NAME                                     READY   SECRET                                   AGE
    apim-endpoint                            True    apim-endpoint                            13d
    By default, the secret names are identical to the certificate names.

  2. Delete the secret for the certificate that you want to renew:
    kubectl -n <namespace> delete secret <secret name>
    Cert-manager detects the deletion of the secret and creates a new secret with a newly generated X.509 certificate.
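
The two steps above as one script, which also confirms that the re-created secret holds a certificate with a different serial number. This is an added example, not part of the product documentation. It assumes `kubectl`, `base64` and `openssl` are on the PATH and that the secret stores the certificate under the `tls.crt` key; the function names and the 5-minute polling limit are choices made for this example.

```shell
#!/bin/sh
# Added example: renew one certificate and verify that it was reissued.

# Print the SECRET column for one certificate, given the table from
# `kubectl get certificates` on stdin (columns: NAME READY SECRET AGE).
secret_for_cert() {
    awk -v cert="$1" 'NR > 1 && $1 == cert { print $3 }'
}

# Print the serial number of the certificate stored in a TLS secret,
# or nothing if the secret does not exist yet.
secret_serial() {
    kubectl -n "$1" get secret "$2" -o jsonpath='{.data.tls\.crt}' 2>/dev/null |
        base64 -d 2>/dev/null | openssl x509 -noout -serial 2>/dev/null
}

renew_cert() {
    ns=$1; cert=$2
    # Step 1: look up the secret name instead of assuming it equals the cert name.
    secret=$(kubectl -n "$ns" get certificates | secret_for_cert "$cert")
    [ -n "$secret" ] || { echo "certificate $cert not found in $ns" >&2; return 1; }
    old=$(secret_serial "$ns" "$secret")
    # Step 2: delete the secret so that cert-manager issues a new certificate.
    kubectl -n "$ns" delete secret "$secret" || return 1
    # Poll until the secret exists again and carries a different serial.
    tries=0
    while [ "$tries" -lt 60 ]; do
        new=$(secret_serial "$ns" "$secret")
        if [ -n "$new" ] && [ "$new" != "$old" ]; then
            echo "renewed $cert: $old -> $new"
            kubectl -n "$ns" get secret "$secret" -o jsonpath='{.data.tls\.crt}' |
                base64 -d | openssl x509 -noout -enddate
            return 0
        fi
        tries=$((tries + 1)); sleep 5
    done
    echo "timed out waiting for $secret to be re-created" >&2
    return 1
}

# Run only when called as: renew-cert.sh <namespace> <certificate name>
if [ "$#" -eq 2 ]; then
    renew_cert "$1" "$2"
fi
```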