The security team flags the developer portal's dispatcher (which protects all public-facing HTTPS traffic) as vulnerable.
Portal 5.x
The default deployment of Portal uses self-signed certificates if public certificates are not provided.
Replace the self-signed certificate with a new public certificate issued and signed by a trusted Certificate Authority (CA).
There are multiple approaches to updating the dispatcher certificate:
1. Use <portal_home>/util/update-dispatcher.sh
See the documentation: Create and Sign Certificates for Production
OR
2. The Portal admin can request the certificate directly from the CA vendor, providing all required information to get the P12 certificate. (The P12 holds both the private and the public key.)
In this scenario, move the returned .p12 to <portal_home>/certs
Modify <portal_home>/conf/portal.conf to point to the new P12 key (note: the passphrase must be included)
PORTAL_HTTPD_SSL_KEY='/opt/apim-portal-5.3-dev/certs/dispatcher_new.p12'
PORTAL_HTTPD_SSL_KEY_PASS='<passphrase>'
Portal needs to be stopped and then started to consume the new key/certificate. Once the new key is read, portal.conf will obfuscate the private key passphrase:
PORTAL_HTTPD_SSL_KEY='/opt/apim-portal-5.3-dev/certs/dispatcher_new.p12'
PORTAL_HTTPD_SSL_KEY_PASS=##SECRET_HTTPD_SSL_KEY_PASS##
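
Before the stop/start in option 2, it is worth confirming that the returned P12 opens with the passphrase, contains a private key matching the certificate, and is no longer self-signed. The following is an added example, not part of the original article or the Portal tooling; the function name check_p12 and its exit codes are assumptions made for this sketch, and it requires the openssl command line.

```shell
#!/bin/sh
# Pre-flight check for the CA-issued PKCS#12 bundle referenced by
# PORTAL_HTTPD_SSL_KEY. check_p12 and its exit codes are hypothetical names.
# Usage: check_p12 <file.p12> <passphrase>
# Exit:  0 ok | 2 cannot open | 3 key missing/mismatch | 4 self-signed | 5 expiring
check_p12() {
    p12=$1
    pass=$2

    # The passphrase is handed to openssl via the environment, not argv,
    # so it does not show up in the process list.
    cert=$(P12_PASS="$pass" openssl pkcs12 -in "$p12" -passin env:P12_PASS \
               -nokeys -clcerts 2>/dev/null | openssl x509 2>/dev/null) || {
        echo "FAIL: cannot read a certificate from $p12 (wrong passphrase?)" >&2
        return 2
    }

    # The bundle must carry the private key, and it must belong to the leaf cert.
    key_pub=$(P12_PASS="$pass" openssl pkcs12 -in "$p12" -passin env:P12_PASS \
                  -nocerts -nodes 2>/dev/null | openssl pkey -pubout 2>/dev/null) \
        || key_pub=""
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: private key missing or does not match the certificate" >&2
        return 3
    fi

    # Issuer equal to subject means the certificate is still self-issued.
    subject=$(printf '%s\n' "$cert" | openssl x509 -noout -subject)
    issuer=$(printf '%s\n' "$cert" | openssl x509 -noout -issuer)
    if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
        echo "FAIL: issuer equals subject (${issuer#issuer=}); still self-signed" >&2
        return 4
    fi

    # Reject certificates that expire within 30 days (2592000 seconds).
    if ! printf '%s\n' "$cert" | openssl x509 -noout -checkend 2592000 >/dev/null; then
        echo "FAIL: certificate expires within 30 days" >&2
        return 5
    fi

    echo "OK: ${subject#subject=} issued by ${issuer#issuer=}"
}
```
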