Use Cases for Updating Keystore File as Part of Incremental Changes

Note: Effective May 1, 2026, many Trusted Root Certification Authorities will no longer issue SSL certificates that include both Server Authentication and Client Authentication Extended Key Usage (EKU). Existing certificates remain valid until expiration or revocation and continue to support both serverAuth and clientAuth EKUs. However, renewals or new certificates issued after the deadline do not include the Client Authentication EKU and therefore cannot be used for mTLS client authentication.
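A pre-commit check for the EKU change described in the note above, as an added example that is not part of the original documentation: it parses `keytool -list -v` output and lists private-key entries whose leaf certificate lacks the clientAuth EKU. The alias names and the sample listing are constructed, and English-locale keytool output is assumed.

```shell
# Added example (not Oracle tooling). Reports, per alias, whether the leaf
# certificate in `keytool -list -v` output carries the clientAuth EKU.
# Assumes English-locale keytool output.
eku_report() {  # stdin: keytool listing; stdout: alias<TAB>entry type<TAB>status
  awk -v OFS='\t' '
    function emit() {
      if (alias != "") print alias, type, (client ? "clientAuth" : (eku ? "no-clientAuth" : "no-EKU"))
    }
    /^Alias name: /      { emit(); alias = substr($0, 13); type = "?"; client = eku = in_eku = 0; leaf = 1; next }
    /^Entry type: /      { type = substr($0, 13); next }
    /^Certificate\[/     { leaf = ($0 ~ /^Certificate\[1\]:/); next }  # skip CA certs in the chain
    /^ExtendedKeyUsages/ { in_eku = leaf; if (leaf) eku = 1; next }
    /^\]/                { in_eku = 0; next }
    in_eku && /clientAuth/ { client = 1 }
    END { emit() }
  '
}

# Prints PrivateKeyEntry aliases that lack clientAuth; returns 1 if any exist.
missing_client_auth() {
  eku_report | awk -F'\t' '$2 == "PrivateKeyEntry" && $3 != "clientAuth" { print $1; bad = 1 } END { exit bad }'
}

sample_listing() {  # constructed sample, trimmed to the lines the parser reads
  cat <<'EOF'
Alias name: siebel-client
Entry type: PrivateKeyEntry
Certificate[1]:
ExtendedKeyUsages [
  serverAuth
]
Certificate[2]:
ExtendedKeyUsages [
  serverAuth
  clientAuth
]
Alias name: legacy-client
Entry type: PrivateKeyEntry
Certificate[1]:
ExtendedKeyUsages [
  serverAuth
  clientAuth
]
EOF
}

sample_listing | eku_report
# Real use (keytool prompts for the store password):
#   keytool -list -v -keystore keystore_client.jks | missing_client_auth
```

Only the first certificate of each chain is inspected, so a clientAuth EKU on an issuing CA certificate does not mask a leaf certificate that lacks it.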
  1. Update the keystore.jks, keystore_client.jks, and truststore.jks files in Git:
    • Using the browser UI:

      1. Access your Git instance from a browser and go to the Helm charts repository.
      2. Navigate to the siebel-config/keystore folder.
      3. Upload and commit the new custom keystore.jks, keystore_client.jks, and truststore.jks files.
      4. Edit siebel-config/Chart.yaml, increment the chart version, and commit the change.
    • Using the terminal:

      1. SSH to the SCM instance.
      2. Enter the container:
        sudo podman exec -it cloudmanager bash
      3. Go to the keystore directory:
        cd <env_dir>/<Helm charts repository name>/siebel-config/keystore
      4. Copy the custom keystore.jks, keystore_client.jks, and truststore.jks files to the keystore directory.
      5. Open Chart.yaml and increment the chart version:
        vi <env_dir>/<Helm charts repository name>/siebel-config/Chart.yaml
      6. Commit and push the changes to the remote repository:
        git pull
        git add <file1> <file2>
        git commit -m <message>
        git push
  2. Wait 10 minutes for flux to reconcile automatically and pick up the changes above, or reconcile manually with the following commands:
    flux reconcile source git siebel-repo
    flux reconcile kustomization apps
    

    The reconcile process might take up to 10 minutes. The new custom keystore.jks, keystore_client.jks, and truststore.jks files are pulled, and the Kubernetes secret "keystore" is updated with the new certificate values.

    Note: While the flux reconciliation is in progress, if you are monitoring your cluster by querying the status of the pod and the Helm release:
    • The kubectl -n <namespace> get pods command will return the status of the pod (configure-xxxxx) as init:3/4.
    • The helm -n <namespace> ls -a command will return the status of the Helm release (siebel-config) as pending-upgrade.

    The pod status init:3/4 and the Helm release status pending-upgrade are expected; you must proceed to step 3.

  3. Perform the following steps to update the Siebel Server/SAI/CGW containers with the new certificates:
    1. Edit <Helm charts repository name>/siebel/Chart.yaml, increment the chart version, and commit the change.
    2. Edit <Helm charts repository name>/siebel-gateway/Chart.yaml, increment the chart version, and commit the change.