Refreshing expired Cloud Pak foundational services certificates
Refresh self-signed Cloud Pak foundational services CA certificates that have expired so that the capabilities in your Cloud Pak for Integration installation can use them.
IBM Event Streams
For information about refreshing certificates, see Renewing certificates in the Event Streams documentation.
IBM Aspera HSTS (high-speed transfer server)
For information about refreshing certificates in Aspera HSTS, see "Custom certificates" in Using custom hostnames and certificates for the Platform UI.
IBM Automation foundation assets (Automation assets)
Switch to the namespace where Operations Dashboard is installed
Ensure Common Services refreshed the certificate management-ingress-ibmcloud-cluster-ca-cert. If not, delete the certificate using the following command and wait for it to be re-created by Common Services again:
oc delete secret management-ingress-ibmcloud-cluster-ca-cert
If the secret has not been created automatically, look for errors or delete all operand-deployment-lifecycle-manager-* pods in Common Services namespace (usually ibm-common-services).
Delete the API and UI pods for the Asset Repository deployment:
<CR name>-ibm-integration-asset-repository-ui-* <CR name>-ibm-integration-asset-repository-api-*
IBM API Connect (API management) and IBM DataPower (gateway)
For information about refreshing certificates, see Renewing TLS certificates in the API Connect documentation.
IBM App Connect Enterprise
IBM App Connect Enterprise does not use management-ingress-ibmcloud-cluster-ca-cert
, so no action is necessary.
IBM MQ
Begin by switching to the namespace where IBM MQ queue managers are deployed.
Next, restart the queue manager pod so that it can pick up the refreshed certificates. Follow the steps applicable to your queue manager's availability type, SingleInstance
or MultiInstance
.
Single-instance queue manager
Restart the queue manager pod by deleting it. As an example, a queue manager with the name quickstart-cp4i
might have a corresponding pod name of quickstart-cp4i-ibm-mq-0
.
oc delete pod quickstart-cp4i-ibm-mq-0
Multi-instance queue manager
First, restart the standby queue manager pod by deleting it, then restart the active queue manager pod.
To identify which pod is running as the standby queue manager, and which one as the active queue manager, run the
dspmq
command for each pod name. In this example, a queue manager with the namequickstart-cp4i
has the corresponding pod namesquickstart-cp4i-ibm-mq-0
andquickstart-cp4i-ibm-mq-1
. :oc rsh <queuemanager-pod-name> dspmq
For example:
oc rsh quickstart-cp4i-ibm-mq-0 dspmq QMNAME(QUICKSTART) STATUS(Running as standby)
The response confirms that the standby queue manager pod is
quickstart-cp4i-ibm-mq-0
.Delete the standby queue manager pod:
oc delete pod quickstart-cp4i-ibm-mq-0
Verify that the standby queue manager is restarted. For example:
oc get pod --selector app.kubernetes.io/instance=quickstart-cp4i
Verify that your standby queue manager pod is running:
oc rsh quickstart-cp4i-ibm-mq-0 dspmq
Restart the active queue manager pod (in this example,
quickstart-cp4i-ibm-mq-1
):oc delete pod quickstart-cp4i-ibm-mq-1
IBM Cloud Pak Platform UI
For information about refreshing certificates for Platform UI, see "Custom certificates" in Using custom hostnames and certificates for the Platform UI.