How to update API Portal SSL Certificates for PSSG, Ingress, and so on. (expire in 3 yrs)
search cancel

How to update API Portal SSL Certificates for PSSG, Ingress, and so on. (expire in 3 yrs)


Article ID: 137793


Updated On:


CA API Developer Portal CA API Gateway


The server certificate for tenants on the API Developer Portal can be created with openssl commands and they are applied with [util/] script, according to the following document.
On the other hand, we couldn't find any procedures for updating other certificates such as sync.DOMAIN [CN=pssg], analytics.DOMAIN [CN=DSSG], and apim-ssg.DOMAIN [CN=tssg].
They are valid for 3 years from the setup date. If they need to be updated before the expiry date, what are the update procedures?


Release : 4.x , 5.x

Component : API PORTAL


SSL Certificates for PSSG, Ingress, and so on are expired in 3 years after their generation by the script.

They can be regenerated by removing all files in the certs directory and restarting the portal with the script.

The new certificates are valid for another 3 years.

Steps on the portal:

1. Remove a previously running Portal stack

# sudo docker stack rm portal

2. Ensure the Portal stack has enough time to shut down all containers

# sudo docker ps

3. Backup then Remove the <portal_home>certs  folder 

# sudo tar -cvf certs.tar certs

# sudo rm certs/*

restart portal

# sudo ./

Watch portal stack for all containers to start 

# sudo watch docker service ls 

To update the certificate on the proxy gateway's see :

Updating Portal integration certificates on API Gateway


Additional Information

Before making any changes in working server please keep a complete snapshot of the server.

Please don't regenerate certificates and private keys when the is used for updating the license only.