apcertmgmt command

By default, IBM provides the certificates required for platform manager, but you can also choose to provide your custom certificates instead. If your custom certificates expire, you can use the apcertmgmt command to apply new certificates for platform manager.

There are two types of certificates that must be provided:
  • cluster certificates, which are used for internal platform management communication, no endpoint accessible externally is using them
  • REST certificates, which are used for externally accessible REST API (for example, ap commands use this API)
Note: If you are using IBM provided certificates and you want to update them, follow the instructions in Platform Manager certificate patch release notes.

Syntax

 apcertmgmt [[-q] {-c cert | -k key} [-vl] | -h]

Parameters

All arguments are optional. When used with no arguments, the command propagates the provided certificates, or creates new certificates for ETCD server, client and peer. When used with arguments, it propagates the provided certificate or key for HTTP REST server. For both operations system must be in state Active, that is, with the platform manager running and appliance application stopped. Depending on the state your system is in, you can run apstop -a to stop the appliance application, or apstart -p to start the platform manager only.
-h|--help
Shows command help and exits.
-q|--quiet
Certificates are created and no confirmation is required.
-c|--cert <cert>
Specifies a path to the file with certificate for HTTP REST server.
-k|--key <key>
Specifies a path to the file with key for HTTP REST server.
-vl|--validate
Check if pointed certificate and key files are valid and usable in HTTP REST server.