How do I update the NSP TLS certificate for LDAPS remote authentication?

Purpose

The TLS certificate for LDAPS remote authentication must be current, or the remote authentication attempts fail.

Perform this procedure if the TLS certificate of the LDAPS remote authentication server is updated.

Note: You must perform the procedure on each NSP cluster.

Steps
 

Obtain the new certificate.

Log in as the root user on the NSP deployer host.

Open a console window.

Transfer the certificate to the following directory on the NSP deployer host:

/opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID//tls/ldap

Enter the following to apply the certificate:

/opt/nsp/NSP-CN-DEP-release-ID/bin/nspdeployerctl install --config --deploy ↵

Restart the Keycloak pod.

  1. Log in as the root user on the NSP cluster host.

  2. Enter the following:

    kubectl get pods -A | grep nspos-keycloak ↵

    The following Keycloak pod information is displayed:

    namespace   nspos-keycloak-pod_ID  n/n  Running  1 (timespan ago)  timespan

  3. Record the pod_ID value.

  4. Enter the following:

    kubectl delete pod nspos-keycloak-pod_ID -n $(kubectl get pods -A | awk '/nspos-keycloak-pod_ID/ {print $1;exit}') ↵

    where pod_ID is the Keycloak pod ID recorded in substep 3

    The Keycloak pod restarts, and the updated certificate is put into effect.

Close the console window.

End of steps