If the airgap server certificate expires, you need to update it with a new certificate suite. You must update the existing TCA clusters associated with this airgap server if the new certificate is self-signed or signed by a private Certificate Authority (CA).

Update Airgap Server Certificate

For information on updating the Airgap server certificate when the existing certificate expires, see Update Airgap Server Certificate.

If the airgap server is updated with a self-signed or private root CA-signed certificate, you must update the following:

Update Existing Clusters with Update CA Tool

You can use the cluster airgap server CA certificate tool to renew all the existing clusters of the TCA-CP appliance and unlock the existing cluster features such as creating node pools, installing new addons, and scaling in/out. See Update Existing Clusters with Update CA Tool.

Caution: Before updating the existing cluster with a new airgap-trusted root certificate, it is recommended that you ensure that the certificate's expiration date is set to a longer duration.

Troubleshoot Cluster Airgap Server CA Certificate Update

You can update the existing cluster manually. Generally, you can use the CA tool to update the clusters. For troubleshooting any errors that might occur during the cluster airgap server CA certificate update, see .