To replace a self signed certificate on kubernetes portal we can follow the below steps but we need some more details on what exact certificate to replace since there are many of them 

https://github.com/CAAPIM/portal-helm-charts/wiki/Configure-License-and-Certificates

API PORTAL

Let's assume you want to update dispatcher-ssl.p12. This is probably the first thing to update since it is for all tenants web console URLs.


The first thing to know is that crt/key will NOT help here. you need to generate and sign a p12 format certificate and name it exactly the same filename of "dispatcher-ssl.p12"

Note the passphrase for the certificate needs to match whatever is set in this line for their values.yaml
https://github.com/CAAPIM/portal-helm-charts/blob/master/values.yaml#L233
(when you first run create_self_signed_certs.sh, it would have asked for what cert passphrase to set, if they left it default, it would be "certpass", if they input something different, then make sure this p12's passphrase also match that)

Once this new dispatcher-ssl.p12 is ready, replace the original in-place and re-install helm to pick up the new file.

Repeat the above steps for apim-ssl.p12, which affects the PAPI URIs.