Update Procedure

When the target_tls_switch and host_tls_switch configurations are enabled, if the HAF certificate on the server or client node is about to expire or has expired, you need to update the certificate in a timely manner.

The certificate update procedure involves generating a CSR file, exporting the CSR file, signing the certificate, and updating the certificate.

• The 3072-bit RSA algorithm is used to generate a public-private key pair.
• Private keys are encrypted using the AES256 algorithm.
• The password of the private key is encrypted in the AES256-GCM format.

After the certificate is updated, you need to restart the HAF service processes and application service with customers' approval.