Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Updating the Certificate

Go to the tool installation directory and run the following command to update the CSR file. After that, enter the password of the remote server.

./tools/haf-tool cert --server <ca_server_ip> --path <ca_server_path> --user <ca_server_user> --update

During the certificate update, the service certificate and CA root certificate are updated to the local node. To make the update take effect, restart upper-layer applications on host nodes and on the offload nodes with the HAF library, and restart service processes on the offload nodes with the HAF service.

The following steps use the offload nodes with the HAF service as an example. For host nodes and the offload nodes with the HAF library, perform similar steps.

  1. Use SmartKit to update the certificate on the server or client node. The commands are as follows:

    Parameter

    Description

    Task Name

    Updating the node certificate

    Task Description

    Updating the certificate of the current node on the CA server.

    Run Directory

    /home/omm/haf-install/haf-target

    Run Command

    echo password | ./tools/haf-tool cert --server ca_server_ip --path ca_server_path --user ca_server_user --update

    Whether to Check Return Code

    Yes

    Expected Return Code

    0

    After performing step 1, restart the service process.

  2. Restart the service process to complete the update.

crt_update.sh is the internal script for updating a certificate. It is stored in haf-tool/scripts of the installation directory and is invoked by haf_tool. The internal invoking commands are as follows:

cd tools/scripts

./crt_update.sh -i <ip_addr> -p <remote_path> -u <user_name> -t <cert_path>

After the command is executed, manually enter the password for logging in to the remote server.

Table 1 Parameter description

Option

Description

Mandatory

-i <ip_addr>

IP address of the server where the CA node is located. It entered by the user and imported using haf_tool.

Yes

-p <remote_path>

Path for storing the CA node certificate. It entered by the user and imported using haf_tool.

Yes

-u <user_name>

User name of the server where the CA node is located. It entered by the user and imported using haf_tool.

Yes

-t <cert_path>

Path for storing the certificate. haf-tool uses the cert_path parameter in the configuration file to invoke this path.

Yes

crt_update.sh is an internal tool of the software. You are not advised to invoke it independently.