API Developer Portal 5.4

tssg certificate already exists in trust store.

The certificate you need is already present in the gateway's trusted certificate store -- it is the certificate currently named "tssg" (CN=tssg, thumbprint 22:C9:E9:AE:55:20:C9:0A:80:90:4B:05:07:15:6F:D4:FE:8A:64:8B).
Since this certificate is already imported and there are no duplicate thumbprints in the trusted store, you do not need to re-import it. Instead, please simply rename the existing trusted certificate:

• Open the Gateway Policy Manager
• Navigate to Manage Trusted Certificates (Tasks > Certificates, Keys, and Secrets > Manage Certificates)
• Find the certificate named "tssg"
• Edit/rename it to portal-ssg.<subdomainname>.com (this must exactly match the portal.config.pssg.host cluster-wide property value)
• Ensure "Outbound SSL Connections" and "Certificate is a Trust Anchor" remain checked
• Save the change
• Retry the Update Portal Integration operation

The Portal Integration upgrade code looks up the trusted certificate by the portal.config.pssg.host hostname value. Since the certificate exists but is named "tssg" instead of "portal-ssg.<subdomainname>.com", the lookup fails with "Certificate not valid". Renaming it will resolve this.