Updating the PKCS#12 certificate for a TLS server profile

A server certificate bound to a gateway service can be invalidated if the host name in the digital certificate of the server does not match the URL specified by the client, or because it has expired. When this happens, you must update the TLS profile with a new CA certificate or PKCS#12 (P12) file.

Before you begin

One of the following roles is required:

Administrator
Owner
Topology Administrator
Custom role with the Settings: Manage permissions

About this task

If the expiration date of a certificate or a P12 file is approaching, or if a certificate is invalidated, use the steps in this topic to update a TLS profile bound to a gateway service. CA certificate and P12 file expiration dates are displayed in the details of the containing keystore; see step 3.

You update the certificate for a TLS server profile by replacing the certificate in the keystore that is associated with the TLS server profile.

Complete the following steps to update a TLS profile that has an invalidated or expired certificate or P12 file.

Procedure

In the Cloud Manager user interface, click Resources, then click TLS.
To identify the keystore that is associated with the TLS server profile, complete the following steps:
1. In the TLS Server Profile section, select the required profile.
2. In the Keystore/Truststore section, note the selected keystore, then click Cancel to close the TLS server profile details page.
In the Keystore section, select the required keystore.

The Certificates section displays the expiration date of a certificate. You can expand a certificate to see further details.
Click Browse and select the required P12 file.
Note:
- API Connect supports only the P12 (PKCS12) format file for the present certificate.
- Your P12 file must contain the private key, the public certificate from the Certificate Authority, and all intermediate certificates used for signing.
- Your P12 file can contain a maximum of 10 intermediate certificates.
Click Save when done.