CA Developer Portal: Renewing pssg, dssg and tssg certificates on Tenant Gateway


Article ID: 199168



CA API Developer Portal, CA API Gateway


How to renew pssg, dssg and tssg certificates on tenant gateway integrated with API Portal.


API Portal 4.x


Portal self-signed certificates should have an expiry period of 3 years.
To regenerate a new set of self-signed certificates:

On the Portal Server:

1. Make a backup/snapshot of the system if possible.
2. Remove all certificates from /<PORTAL_FOLDER>/certs folder
3. Run ./ script to re-generate new certificates

NOTE: If the script ends with the error "failed to create service portal_tenant-provisioner: Error response from daemon: network portal_private not found", stop and start the Docker service and re-run the script.

On the Tenant Gateway enrolled with Portal:

1. Go to Policy Manager > Tasks > Global Settings > Manage Cluster-Wide Properties
2. Retrieve the value (hostname) for the following 3 cluster-wide properties

3. Go to Policy Manager > Tasks > Certificates, Keys and Secrets > Manage Certificates
4. Delete pssg, dssg and tssg certificates  
5. Click on ADD
6. Select "Retrieve via SSL Connection (HTTPS or LDAPS Url)" and in the URL field, construct the URL by using https:// + hostname retrieved in step 2 + port 9443 (for example https://apim-pssg.local:9443) and click NEXT
7. If a hostname mismatch warning appears, click Accept.
8. Click NEXT and in the "Select one or more certificate usage options", check Outbound SSL Connections then click NEXT
9. Check "Certificate is a Trust Anchor" and finally click FINISH
10. Repeat steps 5 to 9 for the remaining 2 certificates.
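
Because steps 6 to 9 accept whatever certificate port 9443 presents, even with a hostname mismatch, and then mark it as a trust anchor, it is worth confirming beforehand that each endpoint serves the certificate that was just regenerated. The following is an added example, not part of the original article or of the product: it compares the SHA-256 thumbprint of the served certificate with a PEM copy taken from the Portal server. It assumes PEM copies of the new certificates are available; the file paths, and any hostname other than apim-pssg.local, are placeholders.

```python
import base64, hashlib, re, socket, ssl, sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def thumbprint(pem: str) -> str:
    """SHA-256 of the first certificate found in `pem`, as colon-separated hex."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM certificate found")
    digest = hashlib.sha256(base64.b64decode(m.group(1))).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fetch_pem(host: str, port: int = 9443, timeout: float = 5.0) -> str:
    """Fetch the served certificate without validating it, like the import wizard."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # a hostname mismatch is expected (step 7)
    ctx.verify_mode = ssl.CERT_NONE  # self-signed, nothing to chain to yet
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))

def verify(expected: dict, fetch=fetch_pem) -> dict:
    """Compare each host's served certificate with the expected PEM.
    `expected` maps hostname -> PEM text; returns hostname -> status string."""
    results = {}
    for host, pem in expected.items():
        try:
            served = thumbprint(fetch(host))
        except (OSError, ValueError) as exc:
            results[host] = f"unreachable: {exc}"
            continue
        if served == thumbprint(pem):
            results[host] = "match"
        else:
            results[host] = f"MISMATCH: served {served}"
    return results

if __name__ == "__main__":
    # Usage (paths are placeholders): check.py apim-pssg.local=/path/to/pssg.pem ...
    expected = {}
    for arg in sys.argv[1:]:
        host, path = arg.split("=", 1)
        with open(path) as fh:
            expected[host] = fh.read()
    status = verify(expected)
    for host, result in status.items():
        print(f"{host}:9443  {result}")
    sys.exit(0 if all(r == "match" for r in status.values()) else 1)
```

Only continue with steps 5 to 9 for a hostname that reports "match"; a mismatch means port 9443 is still serving a different certificate than the one generated on the Portal server.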