Follow the steps below after modifying the CA certificate chain of any of the following TLS certificates.

• The TLS certificate of an external database
• The TLS certificate of the web console and the API of an Entrust DB Appliance
• The TLS certificate of the web console and the API of Entrust CSP Compliance Manager

To update the validation chain of the TLS certificate 

1. Run the clusterctl database info command to export the current database settings.
2. Copy the certificate chain from the console output and save it to a file. 
3. Edit the file and update the CA certificates in the database certificate validation chain. 

   If the file contains certificates not related to the database, do not remove them.

4. Import the updated file. 
   • Run the clusterctl database set appliance command to import the TLS certificate chain of an appliance database.

   • Run the clusterctl database set external command to import the TLS certificate chain of an external database.

5. If the database of your installation is an Entrust DB Appliance or an Entrust CSP Compliance Manager, redeploy all solutions that use that database.