The videos in this article will describe how to rotate the Root CA and Leaf Certificate components in 2.7. This education series is separated by four videos.

Rotating the Root CA and Leaf Certificate components is a three step process, detailed below:

1. Adding the new Root CA
2. Activating the new Root CA (in this step, the Leaf CA and non-configurables will also be rotated)
3. Deleting the old Root CA

Product Version: 2.7

Volume 1

After having retrieved the UAAC bearer token, we will need to begin looking at which Certificates are expiring. In this volume, Madeline walks us through the first round of the rotation process - adding a new Root CA. 

Volume 2

After having just created the second CA, “CA 2,” and deploying it across all of the VMs. We are now in the second round where we need to activate the new Root CA.

Volume 3

We have so far completed round 1 and 2 of this certificate rotation and are now heading into round 3 to delete the old Root Certificate. This is considered an optional step because it is not time indicative.
 

Volume 4

This is the final component of our cert rotation series; the Apply Change should now have concluded. With CA 1 deleted, all that remains is CA 2. Madeline will touch upon the DNS set, which requires a full Apply Change of all tiles in order to populate correctly.