Renewing encryption certificates

Encryption certificates, except for CA certificates, are automatically rotated on all cluster nodes upon their expiration, that is, once per year. If a certificate is compromised, you need to replace it manually.

To manually renew IPsec certificates

Use the following command:

vinfra node certificate ipsec renew <node>

<node>

Node ID or hostname

For example, to renew certificates for the node node1, run:

vinfra node certificate ipsec renew node1