apcertmgmt command
By default, IBM provides the certificates required for platform manager, but you can also
choose to provide your custom certificates instead. If your custom certificates expire, you can use
the apcertmgmt
command to apply new certificates for platform manager.
There are two types of certificates that must be provided:
- cluster certificates, which are used for internal platform management communication, no endpoint accessible externally is using them
- REST certificates, which are used for externally accessible REST API (for example, ap commands use this API)
Note: If you are using IBM provided certificates and you want to update them, follow the
instructions in Platform Manager certificate patch release notes.
Syntax
apcertmgmt [[-q] {-c cert | -k key} [-vl] | -h]
Parameters
All arguments are optional. When used with no arguments, the command propagates the provided
certificates, or creates new certificates for ETCD server, client and peer. When used with
arguments, it propagates the provided certificate or key for HTTP REST server. For both operations
system must be in state Active, that is, with the platform manager
running and appliance application stopped. Depending on the state your system is in, you can run
apstop -a to stop the appliance application, or apstart -p to
start the platform manager only.
- -h|--help
- Shows command help and exits.
- -q|--quiet
- Certificates are created and no confirmation is required.
- -c|--cert <cert>
- Specifies a path to the file with certificate for HTTP REST server.
- -k|--key <key>
- Specifies a path to the file with key for HTTP REST server.
- -vl|--validate
- Check if pointed certificate and key files are valid and usable in HTTP REST server.