mtls renew certificate CLI command reference

    This command can be used to renew expiring Dapr certificates. For example the Dapr Sentry service can generate default root and issuer certificates used by applications. For more information see secure Dapr to Dapr communication

    Renew certificates by generating brand new certificates

    Generates new root and issuer certificates for the Kubernetes cluster with a default validity of 365 days. The certificates are not applied to the Dapr control plane.

      1. dapr mtls renew-certificate -k --restart

      Generates new root and issuer certificates for the Kubernetes cluster with a given validity time.

      Generates new root and issuer certificates for the Kubernetes cluster with a given validity time and restarts the Dapr control place services.

      1. dapr mtls renew-certificate -k --valid-until <no of days> --restart

      Renew certificate by using user provided certificates

      1. dapr mtls renew-certificate -k --ca-root-certificate <ca.pem> --issuer-private-key <issuer.key> --issuer-public-certificate <issuer.pem> --restart

      Rotates certificates for the Kubernetes cluster with the provided ca.pem, issuer.pem and issuer.key file paths.

      Renew certificates by generating brand new certificates using the provided root private key

      Uses existing private root.key to generate new root and issuer certificates for the Kubernetes cluster with a given validity time for created certs.

      1. dapr mtls renew-certificate -k --private-key myprivatekey.key --valid-until <no of days>