Openshift 4 certificates location and manual renewal process

7/21/2021

I'm checking on various certificates in okd 4 referring to: https://docs.okd.io/latest/security/certificate_types_descriptions/user-provided-certificates-for-api-server.html Here the certificates are categorized into different sections. I could see that for all the category of certificates the location is mentioned except for ETCD, node and Service CA. Please help me in finding the location of these.

Another query is How to manually renew okd 4 certificates. I see that below are the category of certificates in okd 4 from https://docs.okd.io/latest/security/certificate_types_descriptions/user-provided-certificates-for-api-server.html

Bootstrap
Control plane
Etcd
Node
Service CA
Proxy certificates
Monitoring and Cluster Logging
Ingress certificates
OLM certificates
User-provided certs for API server
User-provided certs for default ingress

Here considering only System managed certificates, under each of the certificates section I see that the renewal is auto-rotation by system. Is there any possible way where we can manually renew all these certificates managed by system?

-- rakesh kotian
kubernetes
okd
openshift
openshift-client-tools
openshift-origin

0 Answers