Breaking News: Grepper is joining You.com. Read the official announcement!
Check it out

Manual CA Rotation

Add Answer
Sumit Rawal answered on June 21, 2023 Popularity 1/10 Helpfulness 1/10

Contents

  • answer Manual CA Rotation

    • More Related Answers

  • Certificate rotation
  • Automated CA Rotation

    • Manual CA Rotation

    Comment
    0

    If you are rotating an intermediate CA, there is a common root in both the new and the old CA chains and both are/will be provided to Vault, you do not need this option. You can manually replace the CA and use the regular kafka_certs option on the tool without risking downtime.

    However, if you are rotating a root CA or have not/will not include the full chain on an intermediate CA, you should use the kafka_ca option as follows:

    kubectl exec -it -n tm-system vault-installer -- /deployment-tools/rotate-certs

    kafka_ca

    This may require user action in response to the prompts from the tool. It is designed to prevent downtime during the CA migration. If you are using Vault-installed Kafka, it will rotate the broker certificates for you, if not, you will be prompted to rotate the broker certificates manually.

    Popularity 1/10 Helpfulness 1/10 Language whatever
    Source: Grepper
    Tags: ca manual rotation whatever
    Link to this answer
    Share Copy Link
    Sumit Rawal
    Contributed on Jun 21 2023
    Sumit Rawal
    0 Answers  Avg Quality 2/10

    X

    Continue with Google

    By continuing, I agree that I have read and agree to Greppers's Terms of Service and Privacy Policy.
    X
    Grepper Account Login Required

    Oops, You will need to install Grepper and log-in to perform this action.