TLS Identities Rotation
Peer TLS identities can be directly replaced as they are not persisted on the ledger making this a simple operation.
How to Rotate a TLS Identity
Navigate to the CA section on the left panel of your dashboard and select your CA. Under the Identities tab, select the TLS identity of the peer that you desire to rotate. Click on Enroll/Reenroll as shown in the image below.
Figure 1. Certificates list
In case you want to enroll a new certificate, mark the TLS option checkbox as illustrated in the image below, so Catalyst Blockchain Manager is able to generate the certificate based on the information of the organization, otherwise it will lead to SSL handshake errors. |
TLS option mark
After updating a certificate, the node that uses it must be restarted given that certificates can not be replaced in runtime. Once restarted, give Catalyst Blockchain Manager a few seconds and check that a new certificate is being used. If the channel is up-and-running, the certificate has been successfully replaced. |