This article explains the behavior of Director-to-VOS communication when the VOS certificate expires and provides steps to manually update the certificate without requiring a VOS upgrade.
Behavior with Expired Certificates
The Director does not encounter any error when reaching the FlexVNF, even if the FlexVNF certificate has expired.
However, the certificate — whether expired or valid — must be present in the database for successful communication.
The certificate is also used when the Director connects to the branch on port 8443, which is required to display live monitor tab details.
Automatic Certificate Renewal
When a VOS is upgraded (for example, as part of a version update), its certificate is automatically renewed if the existing certificate is about to expire or already expired.
No manual action is required during or after the upgrade for certificate renewal.
Manual Certificate Update Without Upgrade
If you prefer not to upgrade the VOS and need to refresh the VOS certificate manually, follow the steps below:
1. Copy the attached script to /var/tmp
4. Check the certificate validity using "openssl x509 -startdate -enddate -noout -in /opt/versa/var/cert/vshost.crt"
