B Managing Certificate Expiry

A utility script is provided to analyze the certificates used by the UIM cloud native environment; use it to renew certificates that have expired or are about to expire. Follow the prerequisites and postrequisites for this script.

Here are the guidelines for using the utility script:

  • If SSL is terminated at the ingress for UIM CN, run this script with the corresponding arguments to verify the expiry of the ingress certificates or to renew them.
  • The script also manages the certificates that UIM CN trusts for egress communication. If your IDP certificate has expired, use this script to replace it or to add the new certificate to the UIM CN truststore.

Prerequisites

Here are the prerequisites for managing certificate expiry:

  • You have the new SSL certificates to be imported (with the matching private key, for ingress certificates).
  • UIM CN must be running with SSL terminated at the ingress.

Renewing Ingress Certificates

To renew ingress certificates:

  1. Run the following command to verify ingress certificates:
    $UIM_CNTK/scripts/manage-certificates.sh -p project -i instance -c verify -t ingress

    This command displays the validity of all ingress certificates for UIM CN.

  2. Run the following command to renew the ingress certificates:
    $UIM_CNTK/scripts/manage-certificates.sh -p project -i instance -c import -t ingress

    This command prompts for the certificate and key. Provide the new certificate and its private key so that all ingress certificates are renewed.

Importing Egress Certificates

To import egress certificates:

  1. Run the following command to verify egress certificates:
    $UIM_CNTK/scripts/manage-certificates.sh -p project -i instance -c verify -t egress

    This command displays the validity of all egress certificates in the truststores of all services.

  2. Run the following command to import egress certificates:
    $UIM_CNTK/scripts/manage-certificates.sh -p project -i instance -c import -t egress

    This command prompts for the name of the trusted secret used by UIM CN, followed by the certificate and an alias name. Provide the secret name from the $SPEC_PATH/project-instance.yaml file, then the new certificate along with an alias under which to store it.

    Note:

    If the provided alias name already exists, the older certificate is overwritten by the new one. To retain the old certificate, provide a new alias name.

Postrequisites

Here are the postrequisites:

  • Restart the application after importing egress certificates so that the running services pick up the updated truststore.
  • After renewing ingress certificates, ensure that clients connecting to the ingress trust the new certificate: import the new certificate, or its issuing CA, into the client truststore.
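The script above prompts interactively and does not validate what you feed it, so a mismatched certificate and key, or a certificate that is itself close to expiry, is only discovered when the ingress fails its next TLS handshake. The following shell functions are an added example (not part of the UIM CNTK) of the checks to run before the import steps in "Renewing Ingress Certificates" and "Importing Egress Certificates", and of a post-renewal check against the live ingress. They assume only that openssl is on the PATH; the host name uim.example.com and the 30-day self-signed pair are constructed for the demo.

```shell
#!/usr/bin/env bash
# Pre-flight checks for certificates before handing them to
# manage-certificates.sh, plus a post-renewal check of the live ingress.
# Added example, not part of the UIM CNTK. Requires openssl on PATH.
set -eu

# cert_expires_within CERT.pem DAYS
# Exit 0 if the certificate expires within DAYS days (or is already expired),
# exit 1 if it stays valid beyond that window. Works for ingress leaf
# certificates and for CA/IDP certificates destined for the egress truststore.
cert_expires_within() {
  cert=$1; days=$2
  # 'openssl x509 -checkend N' succeeds when the cert is still valid N seconds from now
  if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
    return 1
  fi
  return 0
}

# cert_matches_key CERT.pem KEY.pem
# Exit 0 when the public key in the certificate equals the one derived from the
# private key; a mismatched pair makes the ingress fail every TLS handshake.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

# cert_subject CERT.pem -> prints the subject line, e.g. "subject=CN = uim.example.com"
cert_subject() {
  openssl x509 -in "$1" -noout -subject
}

# preflight_ingress CERT.pem KEY.pem MIN_DAYS
# Non-zero exit means: do not import this pair.
preflight_ingress() {
  cert=$1; key=$2; min_days=$3
  if ! cert_matches_key "$cert" "$key"; then
    echo "REJECT: $cert does not match $key" >&2
    return 1
  fi
  if cert_expires_within "$cert" "$min_days"; then
    echo "REJECT: $cert expires within $min_days days" >&2
    return 1
  fi
  echo "OK: $(cert_subject "$cert")"
}

# ingress_expires_within HOST PORT DAYS
# Post-renewal check of the certificate actually served by the ingress
# (needs network access, so the demo below does not call it).
# Exit 0: expires within DAYS; exit 1: fine; exit 2: could not fetch it.
ingress_expires_within() {
  host=$1; port=$2; days=$3
  leaf=$(openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
           | openssl x509 2>/dev/null) || true
  [ -n "$leaf" ] || { echo "could not fetch certificate from $host:$port" >&2; return 2; }
  if printf '%s\n' "$leaf" | openssl x509 -noout -checkend $((days * 86400)) >/dev/null; then
    return 1
  fi
  return 0
}

# make_demo_pair DIR: constructed test material, a 30-day self-signed pair
# plus an unrelated key to exercise the mismatch detection.
make_demo_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$1/uim.key" -out "$1/uim.crt" \
    -subj "/CN=uim.example.com" >/dev/null 2>&1
  openssl genpkey -algorithm RSA -out "$1/other.key" >/dev/null 2>&1
}

# Demo: reject anything with fewer than 14 days of validity left.
demo() {
  dir=$(mktemp -d)
  make_demo_pair "$dir"
  preflight_ingress "$dir/uim.crt" "$dir/uim.key" 14
  preflight_ingress "$dir/uim.crt" "$dir/other.key" 14 || echo "(mismatch correctly rejected)"
  rm -rf "$dir"
}
demo
```

For the egress import, the same cert_expires_within check applies to the IDP or CA certificate you are about to add. If the truststore behind the trusted secret is a JKS or PKCS12 file, the alias collision described in the note above can be detected beforehand with keytool, whose -list command exits non-zero when the requested -alias is not present in the keystore; pick a fresh alias if it is and you want to keep the old entry.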