How to update an expired SSL certificate without changing the existing keystore name

The steps below apply to the SSL communication between Apigee and the backend API server, and they leave the keystore name unchanged in the apiproxy bundle and in the targetserver configuration. NOTE: This involves some downtime for runtime API calls, but it avoids a message processor restart.

Usecases:

Refreshing a KeyStore referenced in the TargetEndpoint of an apiproxy.

Refreshing a KeyStore referenced in a TargetServer that is used in multiple apiproxies.

Steps for Usecase-1:

Delete the existing keystore (KA), which holds the expired private key and cert pair.

Create the new keystore (KA) with the same name (KA) and key alias (Kalias).

Re-deploy the apiproxy in which keystore (KA) is referenced.

Steps for Usecase-2:

Delete the existing keystore (KB), which holds the expired private key and cert pair.

Create the new keystore (KB) with the same name (KB) and key alias (Kalias).

Update the target server in which keystore (KB) is referenced.
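
Since both procedures involve downtime once the old keystore is deleted, it helps to validate the replacement key and cert pair before starting. The script below is an added example, not part of the original article or of Apigee tooling; the file names, the 30-day margin and the function names are assumptions, and it only uses standard `openssl` subcommands.

```bash
#!/usr/bin/env bash
# Added example: checks on the replacement key/cert pair, run before deleting
# the existing keystore. File paths and the 30-day margin are assumptions.

# Succeeds if the certificate is still valid $2 days from now (default 30).
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Succeeds if the private key and the certificate hold the same public key.
key_matches_cert() {
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Runs both checks; returns 0 only if the pair is safe to load.
preflight_pair() {
  local key=$1 cert=$2 days=${3:-30} rc=0
  if ! cert_valid_for_days "$cert" "$days"; then
    echo "FAIL: $cert is invalid or expires within $days days" >&2; rc=1
  fi
  if ! key_matches_cert "$key" "$cert"; then
    echo "FAIL: $key does not match $cert" >&2; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $cert expires $(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)"
  return "$rc"
}

# Constructed sample input: a throwaway self-signed pair valid for $2 days.
make_demo_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=backend.example" \
    -days "$2" -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# Usage: preflight.sh new.key new.crt [days]
if [ "$#" -ge 2 ]; then preflight_pair "$@"; fi
```

A non-zero exit means the pair should not be loaded into the new keystore yet.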

Comments
sgilson
New Member

Hi Divya,

I thought you did not have to redeploy the API proxy in Usecase-1. Isn't it the Virtual Host that references the keystore, and not the API proxy itself?

Stephen

divyaachan
Staff

Hi Stephen,

This article talks about the SSL communication between Apigee and the customer backend API server, i.e. the outbound connection from Apigee to the customer's backend.

Divya

cfrias
New Member

Hi Divya,

Is this still valid advice for 4.16.0x?

Carlos

divyaachan
Staff

Hi Carlos,

Yes, this is still valid for 4.16.0x.

karthikprabhu77
New Member

Hello Divya,

I have one requirement to upload new certs into its keystore. I implement this using Usecase 2, as most of the existing proxies refer to the same keystore.

What are all the certs we need to share with the backend team to do the update at their end? Which file do we have to share: the JAR file or the consolidated cert PEM file?

Thanks,

Karthik

Version history
Last update: 06-30-2015 04:43 PM