If you have the charm deployed from the latest/stable track we recommend migrating to 1/stable immediately as latest is deprecated.
To keep using your current CA follow these steps:
- Rename the secret owned by
self-signed-certificatesthat contains the CA fromca-certificatestoactive-ca-certificates
juju update-secret <secret-id> --name active-ca-certificates
- Refresh the charm using the following config options
- Set
root-ca-validityandcertificate-validityto match the values from your current deployment, for example if you hadcertificate-validityset to10now you need to set it to10d ca-country-nametoUSas it was a default value inlatest
juju refresh ssc --channel 1/edge --config certificate-validity=10d --config root-ca-validity=365d --config ca-country-name="US"
If keeping the current CA is not a concern:
- Rename the secret
juju update-secret <secret-id> --name active-ca-certificates
- Refresh the charm
juju refresh ssc --channel 1/stable
- Configure the charm with your desired config values (This step is essential for issued certificates to be rotated and new certificates to be issued by the new CA)
For example:
juju config ssc certificate-validity=30d
Or rotate the private key if no config changes are desired
juju run ssc/0 rotate-private-key