How to update API Portal SSL Certificates for PSSG, Ingress, and so on. (expire in 3 yrs)
search cancel

How to update API Portal SSL Certificates for PSSG, Ingress, and so on. (expire in 3 yrs)


Article ID: 137793


Updated On:


CA API Developer Portal CA API Gateway


The server certificate for tenants on the API Developer Portal can be created with openssl commands and they are applied with [util/] script, according to the following document.
On the other hand, we couldn't find any procedures for updating other certificates such as sync.DOMAIN [CN=pssg], analytics.DOMAIN [CN=DSSG], and apim-ssg.DOMAIN [CN=tssg].
They are valid for 3 years from the setup date. If they need to be updated before the expiry date, what are the update procedures?


Release : 4.x , 5.x

Component : API PORTAL


SSL Certificates for PSSG, Ingress, and so on are expired in 3 years after their generation by the script.

They can be regenerated by removing all files in the certs directory and restarting the portal with the script.

The new certificates are valid for another 3 years.

Steps on the portal:

1. Remove a previously running Portal stack

# sudo docker stack rm portal

2. Ensure the Portal stack has enough time to shut down all containers

# sudo docker ps

3. Backup then Remove the <portal_home>certs  folder 

# sudo tar -cvf certs.tar certs

# sudo rm certs/*

4. restart portal

# sudo ./

5. Watch portal stack for all containers to start 

# sudo watch docker service ls 

Steps on the Gateway:

To update the Portal integration certificate on the proxy gateway's see the documentation:

Certificate Management for Gateway Integration: Renew an Expired Certificate

Note for the "Renew an Expired Certificate":

  • In the step 7 of Retrieve via SSL Connection, confirm the hosts name by Cluster-Wide Properties for accuracy.
  • In the step 8 of Import from Known Trusted Certificate, this is not required. Skip this.
  • In the step 9, after the acceptance, follow the additional step below.
In the View Certificate Details view, paste the Certificate Name you copied.

Additional Information

Before making any changes in working server please keep a complete snapshot of the server.

[for version 4.x only] Please don't regenerate certificates and private keys when the is used for updating the license only.