If you have disabled the KeyControl auto-certificate renewal feature, you can reauthenticate a VM with a new certificate manually through the CLI or the webGUI.
Renewing the Certificate with the CLI
Enter the command hcl updatecert -a [-u username -p password] [-e certificate expiration], where:
-a tells hcl to contact KeyControl to get the new certificate.-u is a KeyControl user account with Cloud Admin privileges. If you do not enter a user account name you will be prompted for one.-p is the password for the KeyControl user account. If you do not enter a password you will be prompted for one.-e is the certificate expiration date in the format MM/DD/YYYY. If you do not enter an expiration date, KeyControl uses the default date set in the Certificate Expiration option for the Cloud VM Set that this VM belongs to. The default is one year from the creation date.For example:
# hcl updatecert -a -u CloudAdmin -p password -e 06/30/2018
Renewing the Certificate with the webGUI
When you are done, click Renew. KeyControl generates a new certificate with the .cert extension and downloads it to your browser's default download location.
| Important: | Do not change the name of the certificate file. If you do, the reauthorization will fail. |
Enter the command hcl updatecert [-p certificate_passphrase] /path/to/cert.cert, where:
-p is the passphrase for the certificate you specified in the webGUI. If you do not enter a passphrase and the certificate requires one, you will be prompted for the passphrase./path/to/cert.cert is the fully-qualified name of the certificate file you copied to the VM.For example:
# hcl updatecert -p onetimepassphrase16chars /hytrust/cert.cert