openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
baf8ff9bb80e5e5a0bc419b004a2f1d0223eda68
openshift-docs/modules/mirror-registry-ssl-cert-replace.adoc
Steven Smith 66c3f7333f ContentQualityAssessment OMR
2025-08-19 20:20:30 +00:00

63 lines
2.3 KiB
Plaintext
Raw Blame History

// module included in the following assembly:
//
// * installing/disconnected_install/installing-mirroring-creating-registry.adoc
:_mod-docs-content-type: PROCEDURE
[id="mirror-registry-ssl-cert-replace_{context}"]
= Replacing mirror registry for Red Hat OpenShift SSL/TLS certificates
In some cases, you might want to update your SSL/TLS certificates for the _mirror registry for Red{nbsp}Hat OpenShift_. This is useful in the following scenarios:
* If you are replacing the current _mirror registry for Red{nbsp}Hat OpenShift_ certificate.
* If you are using the same certificate as the previous _mirror registry for Red{nbsp}Hat OpenShift_ installation.
* If you are periodically updating the _mirror registry for Red{nbsp}Hat OpenShift_ certificate.
Use the following procedure to replace _mirror registry for Red{nbsp}Hat OpenShift_ SSL/TLS certificates.
.Prerequisites
* You have downloaded and installed the `./mirror-registry` binary from the link:https://console.redhat.com/openshift/downloads#tool-mirror-registry[OpenShift console *Downloads*] page.
.Procedure
. Enter the following command to install the _mirror registry for Red{nbsp}Hat OpenShift_:
+
[source,terminal]
----
$ ./mirror-registry install \
--quayHostname <host_example_com> \
--quayRoot <example_directory_name>
----
+
This installs the _mirror registry for Red{nbsp}Hat OpenShift_ to the `$HOME/quay-install` directory.
. Prepare a new certificate authority (CA) bundle and generate new `ssl.key` and `ssl.crt` key files. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_quay/3.15/html-single/securing_red_hat_quay/index#ssl-tls-quay-overview[Configuring SSL and TLS for {quay}].
. Assign `/$HOME/quay-install` an environment variable, for example, `QUAY`, by entering the following command:
+
[source,terminal]
----
$ export QUAY=/$HOME/quay-install
----
. Copy the new `ssl.crt` file to the `/$HOME/quay-install` directory by entering the following command:
+
[source,terminal]
----
$ cp ~/ssl.crt $QUAY/quay-config
----
. Copy the new `ssl.key` file to the `/$HOME/quay-install` directory by entering the following command:
+
[source,terminal]
----
$ cp ~/ssl.key $QUAY/quay-config
----
. Restart the `quay-app` application pod by entering the following command:
+
[source,terminal]
----
$ systemctl --user restart quay-app
----
View Git Blame Copy Permalink