Certificate Management for Gateway Integration

Renew an Expired Certificate
When you enroll an API Gateway with API Portal, signed certificates are imported into the Gateway. These certificates expire after three years and are not renewed automatically.
To renew an expired certificate, remove the certificate and create a new certificate of the same type:
  1. Log into the API Gateway using Policy Manager.
  2. Go to
    Tasks
    >
    Certificates, Keys and Secrets
    >
    Manage Certificates
    . Any expired certificates appear highlighted in red.
  3. Select the expired certificate. Click
    Properties
    and copy the
    Certificate Name
    value. 
  4. Click
    Cancel
    to close the Properties dialog.
  5. Select the expired certificate again and click
    Remove
    .
  6. Click
    Add
    to create a new certificate. The Add Certificate Wizard appears.
  7. For
    Retrieve via SSL Connection
    , provide the retrieval URL.  Unless it has been renamed, the Certificate Name is the retrieval URL.  Type https:// then paste the Certificate name you copied, and add the 9443 port number. Default formats for the URLs are as follows:
    • dssg:
      https://apim-ssg <domain>:9443
      .
    • tssg:
      https://analytics <domain>:9443
      .
    • pssg:
      https://<domain>:9443
      .
    You can also find retrieval URLs for certificates from
    Tasks
    >
    Global Settings
    >
    Manage Clusterwide Properties
    .  Use the values for the following keys prepended with
    https://
    :
    • pssg:
      portal.config.pssg.sync.host + portal.config.pssg.sync.port
    • dssg:
      portal.config.dssg.datalake.host + portal.config.dssg.datalake.port
    • tssg:
      portal.config.api.host + portal.config.api.port
  8. Select
    Import from Known Trusted Certificate
    and select the same service type as the certificate you removed (pssg, tssg, or dssg). 
  9. Click
    Next
    . If a hostname mismatch warning appears, click
    Accept
    .
  10. Select
    Outbound SSL Connections
  11. Click
    Next
    .
  12. Select
    Certificate is a Trust Anchor
  13. Click
    Finish
    .