Renewing TLS certificates
Renew TLS certificates in your API Connect deployment.
A default API Connect
deployment uses cert-manager to create issuers, CA certificates, server certificates,
and client certificates. Cert-manager monitors all the
certificates that it creates, and renews them before they expire.
Note: If you are not using cert-manager, or if you
customized some or all or your API Connect certificates,
then you are responsible for monitoring and renewing those certificates.
Certain API Connect
configuration and maintenance operations can require that some or all TLS certificates that are used
by API Connect are
renewed before their expiry. The process of updating API Connect TLS certificates
is called
certificate renewal. The process to renew certificates involves the following steps:
- Manually deleting Kubernetes secrets that contain the TLS certificates that need renewal.
- Cert-manager detecting the deletion of these secrets, and automatically creating new secrets that contain newly generated x509 certificates.