{"id":839,"date":"2022-06-15T09:58:21","date_gmt":"2022-06-15T07:58:21","guid":{"rendered":"https:\/\/www.ume.li\/blog\/?p=839"},"modified":"2022-10-25T13:55:01","modified_gmt":"2022-10-25T11:55:01","slug":"hcl-component-pack-certificates","status":"publish","type":"post","link":"https:\/\/www.ume.li\/blog\/2022\/06\/15\/hcl-component-pack-certificates\/","title":{"rendered":"HCL Component Pack – Certificates"},"content":{"rendered":"

The default certificates for the Component Pack are valid for 2 years.
\nFor example:<\/p>\n

\r\nkubectl -n connections view-secret mongo-secret user_app-registry.pem | openssl x509 -noout -text\r\n<\/pre>\n
\"\"<\/a>
\nView-secret is an additional kubectl plugin. I use the https:\/\/krew.sigs.k8s.io\/<\/a> plugin manager for easy install.<\/p>\n
Without the view-secret plugin the date can be extracted like this:<\/p>\n
\r\nkubectl get secret mongo-secret -n connections -o "jsonpath={.data.user_app-registry\\.pem}" | base64 -d | openssl x509 -noout -enddate\r\n<\/pre>\n
What could happen when these certificates expire ? Nothing … until the pods get restarted… and the pods may fail to connect…<\/p>\n
Fix:
\nUninstall the bootstrap helm chart.<\/p>\n
\r\nhelm -n connections uninstall bootstrap\r\n<\/pre>\n
Re-install the bootstrap helm chart again with the env.force_regenerate=true. see HCL Help<\/a><\/p>\n
For Component Pack 7 just add the value to the your YML file used during initial installation.<\/p>\n
\"\"<\/a><\/p>\n
 <\/p>\n
 <\/p>\n
Verify that the certificates are upated and restart the Component Pack.
\nIf you are using metrics or elasticsearch you need clean up the ES- SSL settings and run the enableSslForMetrics and enableSslForESSearch commands again.<\/p>\n","protected":false},"excerpt":{"rendered":"
The default certificates for the Component Pack are valid for 2 years. For example: kubectl -n connections view-secret mongo-secret user_app-registry.pem<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54,23],"tags":[74,67,24,75,79],"class_list":["post-839","post","type-post","status-publish","format-standard","hentry","category-component-pack","category-connections","tag-certificate","tag-component-pack","tag-connections","tag-expire","tag-ssl"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/posts\/839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/comments?post=839"}],"version-history":[{"count":19,"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/posts\/839\/revisions"}],"predecessor-version":[{"id":872,"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/posts\/839\/revisions\/872"}],"wp:attachment":[{"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/media?parent=839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/categories?post=839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/tags?post=839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}