apcertmgmt command
The apcertmgmt command updates the platform manager certificate for SSL communication for ETCD server, and X509 certificate for HTTPS in REST API. The command is used for custom certificates only.
If you are using IBM provided certificates, read Platform Manager certificate patch release notes.- internal cluster communication (ETCD server, client and peer)
- HTTP REST
Syntax
apcertmgmt [-h] [-q] [-c <cert>] [-k <key>] [-vl [-c <cert>] [-k <key>]]
Parameters
- -h|--help
- Shows command help and exits.
- -q|--quiet
- Certificates are created and no confirmation is required.
- -c|--cert <cert>
- Specifies a path to the file with certificate for HTTP REST server.
- -k|--key <key>
- Specifies a path to the file with key for HTTP REST server.
- -vl|--validate
- Check if the provided certificate and key files are valid and usable for HTTP REST server. Both
key
andcert
parameters must be provided for validation.
When used with no arguments, the command runs in interactive mode and it propagates the provided certificates, or creates new certificates for ETCD server, client and peer (internal cluster communication).
When used with [-c <cert>] [-k <key>]
arguments, it propagates the
provided certificate or key for the HTTP REST server.
When used with -vl [-c <cert>] [-k <key>]
, it checks if the provided
certificate and key files are valid and usable for HTTP REST server.
To run the command, the system must be in state Active, that is, with the platform manager running and system application stopped. Depending on the state your system is in, you can run apstop -a to stop the system application, or apstart -p to start the platform manager only.
For more information on running the command, see Running apcertmgmt to update certificates.