Version: Next

Renew certificates

General information

The Renew certificates feature allows users to update client certificates. It is required when client certificates are close to expiring.

Certificates renewal sequence

Users can renew either a single certificate or all certificates at once. When the renewal process is initiated, the Cloud sends a RenewCertificatesNotification to the Communication Manager (CM). This notification includes the validity period, password, and serial number of the certificates.

Upon receiving the notification, CM requests IAM to generate new private keys for each requested certificate type. Once key generation is complete, CM sends IssueUnitCertificate to the Cloud, containing the corresponding Certificate Signing Requests (CSRs).

The Cloud then generates the updated certificates and sends them back to CM via the IssuedUnitCertificate notification.

Additionally, the IAMServer detects certificate updates and triggers a notification. This notification ensures that all AOS services restart their gRPC/TLS connections to apply the new certificates.
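The key and CSR handling behind this sequence can be sketched with Go's standard library. This is an added example, not AosEdge code: it shows that the new private key stays on the unit, that only the CSR travels, and that the issuing side refuses a CSR whose self-signature does not verify. The function names, the Ed25519 key type, the `unit-0001-<type>` subject, the certificate lifetime and the throwaway test CA are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign issues a certificate for pub, valid 24h. Ed25519, names and lifetimes are example assumptions.
func sign(t, parent *x509.Certificate, pub any, key ed25519.PrivateKey) (*x509.Certificate, error) {
	t.NotBefore, t.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newCA builds a throwaway self-signed CA that stands in for the Cloud's issuer.
func newCA(key ed25519.PrivateKey) (*x509.Certificate, error) {
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return sign(t, t, key.Public(), key)
}

// newCSR is the unit side: key stays on the unit, only the CSR is sent (subject is constructed).
func newCSR(certType string, key ed25519.PrivateKey) ([]byte, error) {
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "unit-0001-" + certType}}
	return x509.CreateCertificateRequest(rand.Reader, req, key)
}

// issue is the cloud side: a CSR that fails to parse or to verify its self-signature is refused.
func issue(csrDER []byte, ca *x509.Certificate, caKey ed25519.PrivateKey, serial int64) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, fmt.Errorf("CSR rejected: unparsable or self-signature invalid (parse error: %v)", err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature}
	return sign(t, ca, csr.PublicKey, caKey)
}

func main() {
	if _, err := issue([]byte("not a CSR"), nil, nil, 0); err != nil {
		fmt.Println("cloud side:", err)
	}
}
```

Before applying a returned certificate, the unit side can compare its public key with the key generated for that CSR and check the signature against the expected CA.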

A detailed sequence diagram of the certificate renewal process is shown below: