Acquisition complete HashiCorp officially joins the IBM family. Learn more
Consul
Consul Home

Rotate TLS Certificates for Consul on Virtual machines (VMs)

To maintain the security offered by TLS encryption, we recommend that you rotate TLS certificates often.

TLS certificates are part of Consul's reloadable configuration, so you do not need to restart the Consul agents when you renew certificates. As a result, there is no risk of downtime.

Rotate certificates for Consul server agents

To rotate certificates for Consul server agents complete the following steps:

  1. Generate new certificates for all server agents to replace the old ones.
  2. Distribute the new certificates to the server nodes.
  3. Reload Consul configuration on each server with the consul reload command.

Rotate certificates for Consul client agents

To rotate certificates for Consul client agents complete the following steps:

When using the auto-encryption method, Consul automatically rotates the client certificates without operator intervention.

Edit this page on GitHub