How to update API Portal SSL Certificates for PSSG, Ingress, and so on. (expire in 3 yrs)
search cancel

How to update API Portal SSL Certificates for PSSG, Ingress, and so on. (expire in 3 yrs)

book

Article ID: 137793

calendar_today

Updated On:

Products

CA API Developer Portal CA API Gateway

Issue/Introduction

The server certificate for tenants on the API Developer Portal can be created with openssl commands and they are applied with [util/update-dispatcher.sh] script, according to the following document.
 
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/4-5/set-up-and-maintenance/create-and-sign-certificates-for-production.html
 
 
On the other hand, we couldn't find any procedures for updating other certificates such as sync.DOMAIN [CN=pssg], analytics.DOMAIN [CN=DSSG], and apim-ssg.DOMAIN [CN=tssg].
They are valid for 3 years from the setup date. If they need to be updated before the expiry date, what are the update procedures?
 

Environment

Release : 4.x , 5.x

Component : API PORTAL

Resolution

SSL Certificates for PSSG, Ingress, and so on are expired in 3 years after their generation by the portal.sh script.

They can be regenerated by removing all files in the certs directory and restarting the portal with the portal.sh script.

The new certificates are valid for another 3 years.

Steps on the portal:

1. Remove a previously running Portal stack

# sudo docker stack rm portal

2. Ensure the Portal stack has enough time to shut down all containers

# sudo docker ps

3. Backup then Remove the <portal_home>certs  folder 

# sudo tar -cvf certs.tar certs

# sudo rm certs/*

restart portal

# sudo ./portal.sh

Watch portal stack for all containers to start 

# sudo watch docker service ls 

To update the certificate on the proxy gateway's see :

Updating Portal integration certificates on API Gateway

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/4-5/set-up-and-maintenance/create-and-sign-certificates-for-production/certificate-management-for-gateway-integration.html

 

Additional Information

Before making any changes in working server please keep a complete snapshot of the server.

Please don't regenerate certificates and private keys when the portal.sh is used for updating the license only.