订阅

UiPath Automation Suite

UiPath Automation Suite 指南

MongoDB certificate renewal

MongoDB uses two types of certificates for a secure connection within the Automation Suite cluster:

  • CA root certificate
  • TLS certificate

Starting with 2022.4.0, the MongoDB certificates generated during installation are valid for three years.
For environments upgraded from versions before 2021.10.3 to 2022.4, follow the steps described in this page for MongoDB certificate rotation. The generated MongoDB certificates are valid for three years.

📘

备注:

For fresh 2022.4 installations and onward, the certificate rotation is done automatically. The CA certificate is renewed automatically 30 days before it expires, while the TLS certificate is renewed 20 days before it expires. Because of this, there is no user intervention needed to maintain the validity of the certificates.
However, if you want to renew the certificates manually, you can use the certificate rotation CLI. Follow the steps below to run the certificate rotation.

  1. SSH to the VM node.
ssh <username>@<node-fqdn>
  1. Assume the super user role by running the command below.
sudo su
  1. Go to the installation (for fresh installations) or upgrade (for upgraded environments) directory by running the command below.
cd <Installation/Upgrade Directory>
  1. Copy the rotate-cert.sh script below to the installation directory.
./configureUiPathAS.sh mongodb rotate-certificate
kubectl -n mongodb get secret/tls-ca-key-pair -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/.certs/ca.crt
kubectl -n mongodb create configmap mongo-ca --from-file="/tmp/.certs/ca.crt" --dry-run=client -o yaml | kubectl replace -f -
kubectl rollout restart sts mongodb-replica-set -n mongodb
  1. Run the certificate rotation script by using the command below.
chmod u+x rotate-cert.sh
./rotate-cert.sh

The certificate rotation script takes around 5-10 minutes to complete. The new certificates generated by the script are valid for three years from the time of creation and are automatically renewed as per the timeline mentioned above.

约一个月前更新


MongoDB certificate renewal


建议的编辑仅限用于 API 参考页面

您只能建议对 Markdown 正文内容进行编辑,而不能建议对 API 规范进行编辑。