Renewing/Reissuing Grid Certificates

There are certain scenarios where the integrity of the entire grid must be reinitialized. For example:

The grid root certificate has expired or is close to expiration.
The grid root certificate or the keystore password file have been lost or damaged beyond recovery.

If either of these is the case, the grid root certificate and all certificates issued by it must be regenerated.

To reinitialize the grid integrity, the steps outlined below must be performed. For details on creating the required certificates, refer to the Console tool guide and the sections on certificate management in the Configuration Manager.

The host and SSL keystores should be placed in the /secure folder of the grid on each host. The grid root keystore should also be placed in this folder, but only on the registry host.

Caution:

This procedure changes all keys and certificates used by the grid and should only be performed as a last resort.