Renew and replace certificates and keys using PEG

In the customer-managed certificates deployment model, certificates and keys that are set to expire are not renewed and replaced automatically.

When your certificates are set to expire, you must perform the following tasks to renew them:
  1. Create a new certificate. You can create a new certificate with two options:
    • You can choose to have PEG create the new certificate signing request and the keys, or
    • You can create your own certificates and keys. To create your own certificates and keys, see Create certificates.
  2. Upload the new certificate. To upload the new certificate, see Upload the new certificates.

If you choose to have PEG generate new keys and the certificate signing requests, perform the following steps:

Procedure

  1. Run cd peg && ./peg_start.sh.
  2. Select Cluster Management.
    select cluster management

  3. Select Generate Certificate Requests.
    select generate certificate requests

  4. Enter information for the options that follow.
  5. Exit the menu.
    The certificate signing requests are located in ~/peg/csr.
  6. Create certificates from the CSRs that PEG generated. For more information, see Create certificates.