This KB shows you how to update/rotate CA certificate if you configured  Tanzu Application Service to use an external DB

Tanzu Application Service configured to use an external Database

You can check if you are using an external DB under Ops Manager UI -> TAS Tile -> Databases

Here are steps on how you can update/rotate CA certificate if you are using RDS as an external Tanzu Application Service DB:

Please note that this procedure assumes there are no TAS upgrades or Database upgrades and you will only be rotating Database CA Certificates

1. Generate new CA cert on your external Database. Please refer to you external Database documentation.
2. Once new CA cert is generated. Add the new cert along with the old certificate under Ops Manager UI -> TAS Tile -> External Database -> Database CA Certificate Field. Please don't remove the old certificate
3. Click "Apply change" on Ops Manager UI for configuration change to take effect
4. Once Step 3 is successful, update the CA cert on your external Database and verify if your external Database is healthy
5. Remove the old certificate under Ops Manager UI -> TAS Tile -> External Database -> Database CA Certificate Field. So only the new certificate is existing
6. Click "Apply change" on Ops Manager UI for configuration change to take effect