Manually renew client certificate

Between the duration of 90 days and 60 days of the client's certificate expiry, the client logs the Client certificate will expire in <number> Days notification message every day. In-between the duration of 60-0 days, if the Certificate Auto Renewal toggle is turned on, the client certificate will be auto-renewed. Else, the client will log the notification message everyday and can manually renew the certificate as described below.

For Kubernetes deployment with Helm

1. In the values.yaml file, under configuration, update the value of servercrt and serverkey with the ones received from the CipherTrust Manager.

2. Update your DPG deployment using the following command.

           helm upgrade <helm-chart-name> <path-of-helm-chart> -n <namespace>
   

For Kubernetes deployment without Helm

1. In your deployment file, in the data section of kind:Secret, update the value of server.crt and server.key with the ones received form the CipherTrust Manager.

2. Update your DPG deployment using the following command.

           kubectl replace -f <deployment_filename> -n <namespace>
   

For Standalone deployment

1. Stop the existing container.

2. Re-run the DPG in container environment, as shown below:

           docker run -d --name < name> -p <host-port>:<DPG_port> -e "KMS=<ipaddress/hostname>" -e "TLS_ENABLED=false" -e "VALUE=<cert value>" -e "KEY_VALUE=<key value>" -e "REG_TOKEN=<registrationtoken>" -e "DESTINATION_URL=<destinationurl>" -e "DPG_PORT=<DPG_port>" <DPG-image-name>
   

As soon as the DPG container comes up, it will get the new certificate and configurations from the CipherTrust Manager.