How to manage CDF certificates on SMA

  • Document ID:KM03350900
  • Creation Date:05-Mar-2019
  • Modified Date:12-May-2021
    • Micro Focus Products:
      sm automation containerized
      service manager

Summary

How to manage CDF certificates for Security/Network communication on SMA 2018.02/SMA 2018.05/SMA 2018.08/SMA 2018.11/SMA 2019.02

Question

How to manage CDF certificates for Security/Network communication on SMA

Answer

How to get the expiration date of SMA server certificate?
 
Certificate is generated when installing CDF/Suite, and each certificate has own start and end date and the value will differ depending on when customers installed the CDF and that the certs only last 365 days.
 
1. SMA 2018.02/SMA 2018.05
 
Please run the following command to get the server certificate's expiration date on one master node of SMA 2018.02/SMA 2018.05
 
cd $K8S_HOME/ssl
 
[root@mater ssl]#openssl x509 -in server.crt -noout -text 
 
In the output, the server certificate's expiration date will be displayed like:
 
Certificate:
            Not Before: MMM dd hh:mmss YYYY GMT
            Not After : MMM dd hh:mmss YYYY GMT

Note: The OOB certificates are generated when installing CDF/Suite and each certificate has its own start and end date and the value will differ depending on when the CDF is installed and that the certs only last 365 days from the day of installation.

 
2. SMA 2018.08/SMA 2018.11/SMA 2019.02
 
Please run the following command to get the server certificate's expiration date on one master node of SMA 2018.08/SMA 2018.11/SMA 2019.02
 
$K8S_HOME/bin/kube-status.sh
 
In the end of the output, the server certificate's expiration date will be displayed like:
 
            Server certificate expiration date: MMM dd hh:mmss YYYY GMT, xxx days left
 
How to renew certificates for SMA server
 
1. SMA 2018.02
 
Renew the client.crt, client.key, server.crt, and server.key certificates, please refer to the followed URL:
 
 
1. SMA 2018.05
 
Renew the client.crt, client.key, server.crt, and server.key certificates, please refer to the followed URL:
 
 
2. SMA 2018.08
 
Renew the client.crt, client.key, server.crt, and server.key certificates, please refer to the followed URL:
 
 
3. SMA 2018.11
 
Renew the client.crt, client.key, server.crt, and server.key certificates, please refer to the followed URL(same with SMA 2018.08):
 
 
Renew the client.crt, client.key, server.crt, and server.key certificates, please refer to the followed URL: