Rotating Vault certificate
Alex Suraci edited this page Jun 25, 2018 · 1 revision
```sh
# regenerate CA
credhub regenerate -n /concourse-prod-bosh/ca
# regenerate vault server cert
credhub regenerate -n /concourse-prod-bosh/vault/vault_cert
# regenerate web client cert
credhub regenerate -n /concourse-prod-bosh/concourse-prod/vault_cert
```
Make sure both certs pick up the regenerated CA. If they don't, set them again using `credhub generate` (set the common name to vault.concourse-ci.org).

Then unseal the Vault and update the cert auth to accept the newly regenerated cert:
```sh
vault write auth/cert/certs/concourse-prod display_name=concourse-prod policies=concourse,default certificate=@cert ttl=3600
```
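One way to check that a cert picked up the regenerated CA before updating the Vault auth entry, as an added example that is not part of the original wiki page. It assumes the CA and cert PEMs have been exported to local files; the file names and the `check_cert` helper are hypothetical.

```sh
#!/bin/sh
# Added example (not from the wiki page). File names are placeholders.
# Export the PEMs first, e.g. (assumes a credhub CLI with the -k/--key flag):
#   credhub get -n /concourse-prod-bosh/ca -k certificate > ca.pem
#   credhub get -n /concourse-prod-bosh/vault/vault_cert -k certificate > vault.pem

# check_cert CA_PEM CERT_PEM [EXPECTED_CN]
# returns 0 = ok, 1 = does not verify against this CA, 2 = common name mismatch
check_cert() {
    ca_file=$1
    cert_file=$2
    want_cn=${3:-}

    # Verify the signature, not just the issuer name: a regenerated CA can
    # keep the same subject as the old one while having a new key pair.
    if ! openssl verify -CAfile "$ca_file" "$cert_file" >/dev/null 2>&1; then
        echo "FAIL: $cert_file does not verify against $ca_file" >&2
        return 1
    fi

    if [ -n "$want_cn" ]; then
        # RFC2253 output looks like "subject=CN=name,O=org" (older openssl
        # versions put a space after the "=").
        subject=$(openssl x509 -in "$cert_file" -noout -subject -nameopt RFC2253)
        subject=${subject#subject=}
        subject=${subject# }
        case ",$subject," in
            *",CN=$want_cn,"*) ;;
            *)
                echo "FAIL: $cert_file subject is '$subject', want CN=$want_cn" >&2
                return 2
                ;;
        esac
    fi

    echo "OK: $cert_file verifies against $ca_file"
    return 0
}
```

For the server cert, run it as `check_cert ca.pem vault.pem vault.concourse-ci.org`; a return code of 1 means the cert is still signed by the old CA and needs to be set again.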