Updating a TLS profile

A server certificate bound to a gateway service becomes invalid if the host name in the server's digital certificate does not match the URL specified by the client, or if the certificate has expired. When this happens, you must update the TLS profile with a new CA certificate or PKCS#12 (P12) file.

Before you begin

To complete the tasks described in this topic, you must have access to the TLS Profiles page of the Cloud Manager. For more information on which user roles have access, see Adding users and assigning roles.

CA certificate and P12 file expiration dates are displayed in the SSL Profiles page of the Cloud Manager. If the expiration date of a certificate or a P12 file is approaching, or if a certificate is invalidated, use the steps in this topic to update a TLS profile bound to a gateway service.

About this task

Perform the following steps to update a TLS profile with an invalidated or expired certificate or P12 file. After you have uploaded the new certificate, you must remove and re-add the associated gateway service.

Note: If you update a TLS profile that is associated with a Gateway service, the updates are not automatically propagated to Gateway servers. To resynchronize your servers with the latest configurations, see Gateway resynchronization.
Important: There is no support for presenting a client certificate when a call to /v1/portal/ is made.

Procedure

  1. In the Cloud Manager, click TLS Profiles.
  2. In the left pane, select the TLS profile with an invalidated or expired certificate or P12 file.
    The page updates to display the TLS profile details.
  3. In the Present Certificate section, click the Upload Certificate icon.
  4. Click Select File, browse for the certificate file that you want to present for authentication, and click Open.
    Note:
    • API Connect supports only the P12 (PKCS12) format file for the present certificate.
    • Your P12 file must contain the private key, the public certificate from the Certificate Authority, and all intermediate certificates used for signing.
    • Your P12 file can contain a maximum of 10 intermediate certificates.
  5. Click Save.

Results

The updated certificate or P12 file is added to the Cloud Manager.
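
Before uploading, the P12 requirements listed in step 4 and the two conditions that invalidate a certificate (expiry and host name mismatch) can be checked locally with the openssl command line. The script below is an added example, not part of the API Connect documentation or tooling; the function names check_p12 and p12_dump and the 30-day default are assumptions, and every non-leaf certificate in the bundle is counted toward the limit of 10.

```shell
# Added example: pre-upload sanity check for a P12 file. Function names and
# the 30-day default are assumptions, not API Connect tooling.

# p12_dump <file> <password> <openssl pkcs12 options...>
# The password is passed through the environment, not the argument list.
p12_dump() {
  _f="$1"; _p="$2"; shift 2
  P12_PASS="$_p" openssl pkcs12 -in "$_f" -passin env:P12_PASS "$@" 2>/dev/null
}

# check_p12 <file.p12> <password> <gateway-hostname> [min-days-valid]
# Returns 0 = passes all checks, 1 = a check failed, 2 = file unreadable.
check_p12() {
  local p12="$1" pass="$2" host="$3" days="${4:-30}" rc=0 leaf chain n

  # A wrong password or a file that is not PKCS#12 fails here.
  p12_dump "$p12" "$pass" -nokeys >/dev/null || { echo "FAIL: cannot read $p12"; return 2; }

  # The private key must be in the bundle (output is only grepped, never stored).
  if ! p12_dump "$p12" "$pass" -nocerts -nodes | grep -q 'PRIVATE KEY'; then
    echo "FAIL: no private key"; rc=1
  fi

  # -clcerts selects the certificate paired with the key, -cacerts the rest.
  leaf=$(p12_dump "$p12" "$pass" -clcerts -nokeys) || true
  chain=$(p12_dump "$p12" "$pass" -cacerts -nokeys) || true
  n=$(printf '%s\n' "$chain" | grep -c 'BEGIN CERTIFICATE') || true
  # Every non-leaf certificate is counted, so a bundled root counts too.
  if [ "$n" -gt 10 ]; then echo "FAIL: $n chain certificates (maximum 10)"; rc=1; fi

  if ! printf '%s\n' "$leaf" | grep -q 'BEGIN CERTIFICATE'; then
    echo "FAIL: no certificate paired with the private key"; return 1
  fi
  # Expiry: -checkend exits non-zero if the certificate expires within N seconds.
  if ! printf '%s\n' "$leaf" | openssl x509 -noout -checkend $((days * 86400)) >/dev/null; then
    echo "FAIL: certificate expires within $days days"; rc=1
  fi
  # Host name: -checkhost reports the result in its output text.
  if ! printf '%s\n' "$leaf" | openssl x509 -noout -checkhost "$host" | grep -q 'does match'; then
    echo "FAIL: certificate does not match host name $host"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $n chain certificate(s), key present, valid > $days days"
  return "$rc"
}
```

The check cannot tell whether all intermediate certificates used for signing are present; confirm that against the chain supplied by the issuing Certificate Authority.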