Use the SSL rotation utility tool to rotate the existing SSL certificate.
Note: The UCP Advisor VM is restarted after you run the SSL rotation utility tool.
- Extract the SSL rotation utility from the UCP Advisor media kit.
- Using an SSH client, such as PuTTY, log on to the UCP Advisor VM as root or as a sudo user.
- Extract the UCP Advisor upgrade file:
sudo tar -xvzf ucpadvisor-air-gapped-v4.6.0-141.tar.gz
- Navigate to the /installer/scripts folder.
- Set executable permissions for the SSL rotation utility tool. Enter:
# sudo chmod +x ssl-rotation-keystore.sh
# ls
# ssl-rotation-keystore.sh
- Run the SSL rotation utility tool on the UCP Advisor VM. Enter:
# sudo ./ssl-rotation-keystore.sh
Answer the prompts accordingly.
Note: The UCP Advisor VM restarts, which will cause a few minutes of downtime for UCP Advisor.
- Verify that all the Kubernetes pods are up and running. Enter:
kubectl get pods -n ucp -w
Note: All the pods must be in the Running state.
[root@c79-20-208 ~]# kubectl get pods -n ucp -w
NAME                                   READY   STATUS    RESTARTS   AGE
common-operator-8585947c84-ngdxr       2/2     Running   2          160m
converged-operator-5dcc6b4cf-sgpwq     2/2     Running   0          160m
day0-ccdb6fcf8-xb569                   2/2     Running   0          160m
elasticsearch-0                        1/1     Running   0          160m
filemanager-7cc9bcc8f8-d7zz6           1/1     Running   0          160m
hypervisor-operator-5cf74cb64f-zmsr6   2/2     Running   0          160m
idm-8466fb7c76-tqvhw                   1/1     Running   0          160m
keycloak-f65dffb8c-btnm9               1/1     Running   0          160m
- Verify that the SSL certificate was successfully rotated. Navigate to the /var/ucpadvisor/ssl/certs/common folder, and enter:
sudo openssl x509 -enddate -noout -in server.crt
Sample output:
notAfter=Sep 13 20:14:46 2024 GMT
Note: If you see the "No route matched with those values" error when you log on to UCP Advisor after rotating the SSL certificate, restart the Kong pod. Run the following command on the UCP Advisor VM:
kubectl rollout restart deploy ucpadvisor-kong -n ucp
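
The two verification steps above (pod state and certificate expiry) can be scripted. The following is an added example, not part of the UCP Advisor media kit or the original procedure. The function names, the `--live` switch, the 30-day threshold and the sample pod rows are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: checks for the two verification steps (pod state, cert expiry).

# Constructed sample in the shape of `kubectl get pods -n ucp` output.
# Pod names come from the sample on this page; the two unhealthy rows are invented.
SAMPLE_PODS='NAME                               READY   STATUS             RESTARTS   AGE
common-operator-8585947c84-ngdxr   2/2     Running            2          160m
day0-ccdb6fcf8-xb569               1/2     Running            0          160m
elasticsearch-0                    1/1     Running            0          160m
keycloak-f65dffb8c-btnm9           0/1     CrashLoopBackOff   7          160m'

# Read `kubectl get pods` output on stdin and print each pod that is not
# fully up: STATUS other than Running, or a READY count n/m with n != m.
unhealthy_pods() {
    awk '$1 != "NAME" && NF >= 3 {
        split($2, ready, "/")
        if ($3 != "Running" || ready[1] != ready[2]) print $1, $2, $3
    }'
}

# Compare the notAfter= line saved before rotation with the one read after.
# Returns 0 only when both are present and they differ.
expiry_changed() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" != "$2" ]
}

# Return 0 when the certificate in $1 stays valid for at least $2 more days.
# `openssl x509 -checkend N` exits 0 if the cert does not expire within N seconds.
cert_valid_for_days() {
    sudo openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null
}

# Live use on the VM: ./verify-rotation.sh --live "<notAfter= line saved before rotation>"
if [ "${1:-}" = "--live" ]; then
    cert=/var/ucpadvisor/ssl/certs/common/server.crt
    rc=0
    bad=$(kubectl get pods -n ucp | unhealthy_pods)
    [ -z "$bad" ] || { echo "pods not ready:"; echo "$bad"; rc=1; }
    after=$(sudo openssl x509 -enddate -noout -in "$cert")
    expiry_changed "${2:-}" "$after" || { echo "expiry unchanged: $after"; rc=1; }
    cert_valid_for_days "$cert" 30 || { echo "certificate expires within 30 days"; rc=1; }
    exit "$rc"
fi
```

Save the `notAfter=` line printed by `openssl x509 -enddate` before running the rotation utility so that there is a value to compare against afterwards.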