Use Cases for Updating Certificates for SISNAPI with TLS

This topic describes the steps for adding or updating a custom Transport Layer Security (TLS) certificate after deployment.

During initial environment provisioning, the TLS files required for the SISNAPI with TLS configuration are extracted from the keystore and truststore files and pushed to GitLab at the following location:

<envdir>/<namespace>-helmcharts/siebel-config/tls_certs

To update a custom TLS certificate after deployment, follow these steps:

  1. Go to the GitLab repository location: <namespace>-helmcharts/siebel-config/tls_certs
  2. Update TLS files, commit, and push the changes.

    The file names must stay the same, and only the "pem" format is supported.

    The certificate files should follow these rules:

    • ca.key.pem - Private key used for issuing new certificates.
    • ca.cert.pem - The CA certificate. This CA certificate must be imported into keystore.jks and truststore.jks.
    • server.pem - SSL certificate with valid DNS entries. It should be present in keystore.jks.
  3. Increment the chart version in the file <namespace>-helmcharts/siebel-config/Chart.yaml and commit the changes. Wait 10 minutes so that Flux automatically reconciles and picks up the changes. Alternatively, you can reconcile manually using the following commands:
    flux reconcile source git siebel-repo -n <namespace>
    flux reconcile kustomization apps -n <namespace>

    The reconcile process might take up to 10 minutes. The new custom TLS files are pulled and the Kubernetes secret "keystore" is updated with the new values.

  4. Upgrade the ses/sai/cgw containers with the new certificates.

    Edit <namespace>-helmcharts/siebel/Chart.yaml, increment the chart version, and commit the change.

    To enable TLS communication for a particular component, add the following parameter under that component in the server YAML file. For more information about adding parameters, see Making Incremental Changes.

    CommType: TLS
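
A pre-commit check for the file rules in step 2, as an added example that is not part of the original documentation. It assumes openssl is on the PATH and that ca.key.pem is not passphrase-protected; check_tls_certs is a hypothetical function name. It covers only the three PEM files, not the keystore.jks and truststore.jks imports.

```shell
#!/bin/sh
# Added example: check a tls_certs directory before committing it.
# Assumes openssl is on PATH and ca.key.pem is not passphrase-protected.
check_tls_certs() {
  dir=$1
  rc=0
  for f in ca.key.pem ca.cert.pem server.pem; do
    # File names are fixed and only PEM is accepted.
    if [ ! -s "$dir/$f" ]; then
      echo "FAIL: $f is missing or empty"; rc=1
    elif ! grep -q -- '-----BEGIN ' "$dir/$f"; then
      echo "FAIL: $f is not PEM encoded"; rc=1
    fi
  done
  [ "$rc" -eq 0 ] || return 1

  # ca.key.pem must be the private key behind ca.cert.pem:
  # compare the public key derived from each file.
  cert_pub=$(openssl x509 -in "$dir/ca.cert.pem" -noout -pubkey 2>/dev/null) || cert_pub=
  key_pub=$(openssl pkey -in "$dir/ca.key.pem" -passin pass: -pubout 2>/dev/null) || key_pub=
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: ca.key.pem does not match ca.cert.pem"; rc=1
  fi

  # server.pem must chain to ca.cert.pem (this also rejects an expired certificate).
  if ! openssl verify -CAfile "$dir/ca.cert.pem" "$dir/server.pem" >/dev/null 2>&1; then
    echo "FAIL: server.pem is not issued by ca.cert.pem or is not valid"; rc=1
  fi

  # server.pem must carry DNS names in subjectAltName.
  if ! openssl x509 -in "$dir/server.pem" -noout -text 2>/dev/null | grep -q 'DNS:'; then
    echo "FAIL: server.pem has no DNS subjectAltName entries"; rc=1
  fi

  [ "$rc" -eq 0 ] && echo "OK: tls_certs passes all checks"
  return "$rc"
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then check_tls_certs "$1"; fi
```

Run it against the local clone of the tls_certs directory before the commit in step 2; a non-zero exit status means at least one rule failed.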