When you have to replace certificates on multiple vRLI clusters, using the API might be a better way to change them on all your cluster nodes.
Prerequisites
You will need to prepare a certificate with a subject alternative name (SAN) for each of the cluster members and the Internal Load Balancer (ILB).
You can use this article as a guide.
How to
Take note that I do not know if this is officially supported, but in my tests it works.
Use a REST API client and connect to the ILB IP and request a session token. Make sure to add the credentials to the body of your request. When you post the command, a session token will be generated. You need this token to be able to add new certificates to your cluster (and many other actions).
POST https://vrli-fqdn/api/v1/sessions
Open a new tab in your REST API client of choice (mine is Postman). Prepare the command to post the new certificate to the other cluster members.
POST https://vrli-fqdn/api/v1/certificate
In authorization select Bearer Token as the type and add the Token obtained from the previous command.
Open the Body tab and paste the contents from the generated PEM certificate.
Pressing send will push the new certificate to all the cluster members.
Leave a Reply