Rotate storage TLS certificates

Google Distributed Cloud (GDC) air-gapped appliance has a software-defined storage provider. The GDC air-gapped appliance PKI does not manage the TLS certificates used by this storage provider, so these certificates must be rotated separately.

After the device is bootstrapped successfully, the administrator must rotate the CA certificate and all the server certificates used by software-defined storage on a regular basis or at scheduled times to keep the device compliant and secure.

TLS certificates

  1. Object Storage server authentication
  2. Metric Service server authentication
  3. Stunnel server authentication

Before you begin

Ensure the following:

  1. You meet the laptop prerequisites.
  2. You are able to SSH into the three nodes and execute software-defined storage CLI commands.
  3. You are able to log in as admin to the root admin cluster via kubectl.

Rotate CA certificate and all the server certificates

Content restricted to approved operating partners. Contact your account manager for access to this page.