Replacing or renewing the TLS certificate

The Transport Layer Security (TLS) certificate is used to access the cluster through a browser. The cluster initially contains a self-signed certificate for this purpose. You can continue to use the existing self-signed certificate, or you can replace it with a third-party certificate authority (CA)-issued certificate.

If you continue to use the self-signed certificate, you must replace it when it expires, with either:

A third-party (public or private) CA-issued certificate
Another self-signed certificate that is generated on the cluster

The following folders are the default locations for the server.crt and server.key files.

TLS certificate: /usr/local/apache2/conf/ssl.crt/server.crt
TLS certificate key: /usr/local/apache2/conf/ssl.key/server.key