If the certificate of your airgap server is expired, you need to update it with a new certificate suite. All the existing TCA clusters associated with this airgap server are required to be updated in case the new certificate is self-signed or signed by private CA .
Update Airgap Server Certificate
This section describes how to update airgap server certificate in case the existing one is expired. See Update Airgap Server Certificate.
If the airgap server is updated with public signed certificate, this is the only steps needs to be performed. If the airgap server is updated with self-signed or private root CA signed certificate, you need to also follow the steps in guide Update TCA Manager Mongo DB and Update Existing Clusters with Update CA Tool.
Update TCA Manager Mongo DB
To create new clusters via TCA UI or API, airgap server settings in TCA manager Mongo DB are required to be updated with new self-signed certificate or private root CA certificate. See Update TCA Manager Mongo DB.
Update Existing Clusters with Update CA Tool
This section introduces how to use the updating cluster airgap server CA certificate tool to renew all the existing clusters of a TCA CP appliance in order to unlock the existing cluster features such as creating node pools, installing new addons, and scaling in/out. See Update Existing Clusters with Update CA Tool.
Update existing cluster with new self-signed certificate or private root CA certificate of airgap server is NOT an officially supported feature. Before that, it is always recommended to assign a long expired certificate to airgap server to avoid it. This guide provides the workarounds in case you already created cluster with an airgap server of short expiration time certificate.
Troubleshoot Cluster Airgap Server CA Certificate Updating
This section introduces how to update existing cluster manually. Ideally, using updating CA tool should be enough to update all the clusters. This section provides the manual steps on updating every element of a cluster for troubleshooting . See Troubleshoot Cluster Airgap Server CA Certificate Updating.