Renewing expired client certificates
Follow these instructions to create and renew expired client certificates for the simplified setup, the regular setup, or the setup for Thales Vormetric Data Security Manager (DSM).
- Simplified setup: Updating a key client certificate (5.1.0 or later)
- Simplified setup: Updating a key client certificate (5.0.5)
- Simplified setup: Updating a key client certificate (earlier than 5.0.5)
- Regular setup or DSM setup: Creating and installing a new key client
- Regular setup: Trusting a new client certificate
- DSM: Trusting a new client certificate
Simplified setup: Updating a key client certificate (5.1.0 or later)
Follow these instructions if you are using the simplified setup method and the key client is running IBM Spectrum Scale 5.1.0 or later.
To update an expired or unexpired key client certificate, follow these steps.
- If the certificate type is system-generated, go to Step 2.
- If the certificate type is user-provided, go to Step 3.
Simplified setup: Updating a key client certificate (5.0.5)
Follow these instructions if you are using the simplified setup method and the key client is running IBM Spectrum Scale 5.0.5.
To update an expired or unexpired key client certificate, follow these steps:
Simplified setup: Updating a key client certificate (earlier than 5.0.5)
Follow these instructions if you are using the simplified setup method and the key client is running a version of IBM Spectrum Scale that is earlier than 5.0.5.
To update an expired or unexpired key client certificate, you must create and register a new key
client and deregister the old key client. These instructions assume that you want to create a key
client c1Client1
, deregister the old client c1Client0
, and
register the new key client with tenant devG1
on key server
keyserver01
.
devG1
.Regular setup or DSM setup: Creating and installing a new key client
Regular setup: Trusting a new client certificate
DSM: Trusting a new client certificate
-
In the DSM web GUI, import the new client certificate into the DSM server.
Provide the path and file name of the certificate file that you created in Step 2 and referenced in Step 3 of the subtopic Regular setup or DSM setup: Creating and installing a new key client. The path and file name have the format <prefix>.cert, where <prefix> is the path and file name prefix that you specified in Step 2.
- On the node that you are configuring for encryption, try to create an encrypted file by doing some action that triggers an encryption policy rule. These instructions assume that the file is successfully created.