How do I update the custom NSP server TLS artifacts?
Purpose
CAUTION: Potential Service Disruption
If you are providing a new CA certificate, you must stop and restart each NSP cluster, which is potentially service-affecting.
Ensure that you perform the procedure only during a scheduled maintenance window under the guidance of technical support.
Perform this procedure to update the custom TLS artifacts for NSP client access.
Note: release-ID in a file path has the following format:
R.r.p-rel.version
where
R.r.p is the NSP release, in the form MAJOR.minor.patch
version is a numeric value
Steps
1. Log in as the root or NSP admin user on the standalone or primary NSP deployer host.

2. Open a console window.

3. Enter the following:

   # cd /opt/nsp/NSP-CN-DEP-release-ID/bin ↵

4. If you are providing a new CA certificate, stop the NSP cluster.

   Note: If the NSP cluster VMs do not have the required SSH key, you must include the --ask-pass argument in the nspdeployerctl command, as shown in the following example, and are subsequently prompted for the root password of each cluster member:

   nspdeployerctl --ask-pass uninstall --undeploy

5. Perform one of the following.

6. If you are providing a new CA certificate that is not in the same location as the previous certificate, update the NSP configuration.

   Note: If the NSP cluster VMs do not have the required SSH key, you must include the --ask-pass argument in the nspdeployerctl command, as shown in the following example, and are subsequently prompted for the root password of each cluster member:

   nspdeployerctl --ask-pass install --config --deploy

7. Enter the following to start the NSP cluster:

   # ./nspdeployerctl install --config --deploy ↵

   The NSP cluster starts, and the configuration update is put into effect.

8. To delete the local certificate and key files on an NSP deployer host, enter the following for each file identified for removal in Step 5:

   # rm file ↵

   where file is one of the following:

9. Configure each other NSP component to obtain the updated TLS configuration.

10. Close the open console window.

End of steps
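The following pre-flight check is an added example, not part of the NSP documentation or tooling. Run before the maintenance window, it confirms that the replacement certificate chains to the CA being provided and that the private key matches the certificate, and reports whether the CA actually differs from the one in use, which is the condition in Step 4 that requires stopping the cluster. It assumes openssl is installed, the key is unencrypted PEM, and all four file paths are supplied by the operator (hypothetical, not NSP-defined names).

```shell
#!/bin/sh
# Added example: pre-flight checks on replacement TLS artifacts (needs openssl).
# All file paths are caller-supplied and hypothetical, not NSP-defined names.

# Print the SHA-256 fingerprint of a PEM certificate; fail if unreadable.
cert_fp() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    printf '%s\n' "${fp#*=}"
}

# 0 = new CA differs from the CA in use, 1 = same certificate, 2 = unreadable.
ca_changed() {
    old_fp=$(cert_fp "$1") && new_fp=$(cert_fp "$2") || return 2
    [ "$old_fp" != "$new_fp" ]
}

# Succeeds when the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate ($2) verifies against the CA file ($1).
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage: preflight OLD_CA NEW_CA NEW_CERT NEW_KEY
# Prints "restart-required" or "no-restart"; returns 1 on any failed check.
preflight() {
    chains_to_ca "$2" "$3" || { echo "FAIL: certificate does not chain to CA"; return 1; }
    key_matches_cert "$3" "$4" || { echo "FAIL: key does not match certificate"; return 1; }
    rc=0
    ca_changed "$1" "$2" || rc=$?
    case $rc in
        0) echo "restart-required" ;;   # new CA: the Step 4 stop/start applies
        1) echo "no-restart" ;;         # same CA certificate as before
        *) echo "FAIL: cannot read CA certificate"; return 1 ;;
    esac
}

# Run the checks only when invoked with the four file arguments.
if [ "$#" -eq 4 ]; then
    preflight "$@"
fi
```

A FAIL result means the artifacts should be corrected before the cluster is touched; the script itself changes nothing on the deployer host.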