You can check expiration dates and rotate certificates used by VMware Tanzu SQL with MySQL for VMs.
To rotate the Services TLS CA and its leaf certificates, use one of the following procedures:
Tanzu Operations Manager v2.9 and later is compatible with CredHub Maestro. Tanzu SQL for VMs v2.8 and later is compatible with CredHub Maestro.
If you are using Tanzu Operations Manager v2.9 or later, you can rotate all MySQL certificates in the following table using CredHub Maestro. For Tanzu Operations Manager v2.9 and earlier, you can rotate the Services TLS CA using a manual procedure.
For more information about the procedures for rotating certificates, see Rotate services TLS certificate authority.
The following table lists the certificates used by Tanzu SQL for VMs:
Certificate | Rotated by Tanzu SQL for VMs? |
---|---|
/services/tls_ca | No |
/opsmgr/pivotal-mysql-GUID/adbr_api_cert | No |
/p-bosh/pivotal-mysql-GUID/agent_ca_2_9_x | No |
/p-bosh/pivotal-mysql-GUID/agent_client_ssl_2_9_x | No |
/p-bosh/pivotal-mysql-GUID/agent_server_ssl_2_9_x | No |
/p-bosh/pivotal-mysql-GUID/services_tls_accessor_cert | No |
/p-bosh/service-instance_GUID/adbr_agent_cert | No |
/p-bosh/service-instance_GUID/agent_ca | No |
/p-bosh/service-instance_GUID/agent_client_tls | No |
/p-bosh/service-instance_GUID/agent_server_tls | No |
/p-bosh/service-instance_GUID/mysql_server_tls | No |
/p-bosh/service-instance_GUID/pxc_internal_ca | No |
/p-bosh/service-instance_GUID/pxc_tls_ca | No |
/p-bosh/service-instance_GUID/pxc_tls_server | No |
/p-bosh/service-instance_GUID/restore_ca | No |
/p-bosh/service-instance_GUID/restore_client_tls | No |
/p-bosh/service-instance_GUID/restore_server_tls | No |
/p-bosh/service-instance_GUID/streaming_backup_ca | Yes |
/p-bosh/service-instance_GUID/streaming_backup_server_cert | Yes |
In the previous table, GUID is the GUID for the service instance. To find the GUID for your service instance, follow the procedure in Find information about your service instance.
If you are using a PXC-type database, Tanzu SQL for VMs rotates the Galera certificate by renaming it.